DIGITAL EXHAUST 
OPT OUT GUIDE caape 


For Law Enforcement Partners and Their Families 


It is recommended you follow the order of this Guide as presented. Doing so will 
assist you with the reduction of your Digital Exhaust, particularly in securing your 
Web Browser, which is a critical component of removing your Digital Exhaust. 
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2 DISCLAIMER 


2.1 PURPOSE 

The Digital Exhaust Opt Out Guide 2.0 supersedes version 1.0, which was published in October 2019 and 
is being updated as of October 2021. This Guide was created to mitigate risk for Law Enforcement 
employees’ and their families as it pertains to protecting their personal information, which is vulnerable 
to exploitation. This risk includes potential for threat actors to identify, target, and track anyone 
affiliated with Law Enforcement via use of open source, Internet-based services offering searches of 
data aggregated about the American public. To mitigate this risk, this Guide was created as a first-of-its- 
kind aid for the Law Enforcement community in highlighting and presenting recommendations to reduce 
these vulnerabilities. This document is for informational purposes only. Questions about this document 
can be directed to the email address listed below in Section 2.5. 


2.2 LIMITING LIABILITY 

This Digital Exhaust Opt Out Guide was prepared as a collection of best practices to assist Law 
Enforcement employees. Neither the United States Government nor any agency thereof, nor any of 
their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility 
for the accuracy, completeness, or usefulness of any information, or process disclosed. Reference herein 
to any specific commercial product, process, or service by trade name, trademark, manufacturer, or 
otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by 
the United States Government or any agency thereof. The views and opinions of authors expressed 
herein do not necessarily state or reflect those of the United States Government or any agency thereof. 


2.3 LINKS 


The appearances of hyperlinks, which are external to Law Enforcement databases, are provided as a 
convenience and for informational purposes only; they do not constitute endorsement by the Federal 
Bureau of Investigation. The Federal Bureau of Investigation bears no responsibility for the accuracy, 
legality or content of the external site or for subsequent links. Contact the external site for answers to 
questions regarding its content. The links provided within this Guide are current as of the publication in 
October 2019. 


2.4 CONTENT 

No policy may contradict, alter or otherwise modify the standards of your Law Enforcement agency. 
Nothing in this Guide supersedes existing law and/or Department of Justice policy. Precautions must be 
taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized 
access. 
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2.5 AVAILABILITY 
If you have questions, concerns or comments regarding the Digital Exhaust Opt Out Guide, please direct 


any inquiries to the email address kc_digitalexhaust @fbi.gov. 
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3 WHAT Is DIGITAL EXHAUST? 


Digital Exhaust is data on the Internet about you.’ ? It is all the information or ‘consumer data’ a person 
creates as they interact with web sites and services. You create some of it and others create some of it 
about you.” * These data points are exploitable to find, target, and track you.° Your Digital Exhaust 
holds extremely sensitive information that identifies you and reveals your private activities. Controlling 
Digital Exhaust is possible but complex.° This document serves to make it easy, or at least easier. 


3.1 WHY SHOULD YOU CARE? 

Because your privacy matters. Consider the vast amounts of personal information that different services 
hold about us and be mindful of what you give other organizations access to.’ The privacy choices you 
make can have lasting impacts on you and your loved ones for better or worse.® This guide is laid out for 
you in a way that is the key difference in aiding FBI employees and their families in opting out of their 
data and taking positive steps towards keeping their Digital Exhaust from repopulating and out of the 
hands of a variety of threat actors.° 


3.2 WHY DOI NEED A GUIDE? 

Every interaction you have with the internet and technological tools leaves a trace, and these traces can 
be valuable.?° Heading into this blindly will consume and waste a lot of your time.*? Not anymore. These 

preventative measures are simple enough to employ and use safely in everyday life, both physically and 

online, while comprehensive enough to deny spectrum access to threat actors who could gain important 
operational advantages at the expense of you — an FBI employee — or your family.’ 


3.3. WHERE DO! ACTUALLY FIT INTO THE DIGITAL EXHAUST LANDSCAPE? 


Here. This is you. 


Figure 1. Digital Exhaust Ecosystem. 
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This is also you. 
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Figure 2. Digital Exhaust Ecosystem Players?? 
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4 TOPS FRAMEWORK 


To combat Digital Exhaust, it is recommended that users conduct a personal risk assessment of what 
they define as acceptable levels of risk for themselves and their family. 


e This personal risk assessment often involves users assessing what pieces of their personal 
information form key assets, what they can remove online, what they cannot remove online, 
what they can obfuscate through deception and/or disinformation or simply allowing errors that 
may exist with Data Brokers and Data Aggregation websites to hold misinformation which also 
obfuscates an identity or exact personal information. 

e Before a user can conduct a risk assessment, it is important they have the right mindset and 
then use a framework. One framework they can use is called TOPS. 


e TOPS stands for Threats, Opportunities, Preventative Measures and Strengths. This framework 
is applied as follows: 


Digital Exhaust 
TOPS Framework 


Threats Opportunities Preventative Strengths 
Measures 
¢ Who are the threat ¢ What opportunities ¢ Whatare * What are my 
actors lam most does my Digital preventative strengths in regards 
concerned with Exhaust allow for measures I can take to where my Digital 
researching my exploitation by to address Exhaust is 
Digital Exhaust? assessed threat weaknesses in my controlled? 
actors? Digital Exhaust? 


4.1 THREATS 


Using TOPS helps a user SPOT who they assess to be their biggest Threat Actors and prioritize where 
they invest their time to minimize the impact on their life.“ 


e "Who are the threat actors |am most concerned with researching my Digital Exhaust?"* 
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4.2 OPPORTUNITIES 
Using TOPS always reminds a user of what they POST online. 
e "What opportunities does my Digital Exhaust allow for exploitation by who | assess to be my 
Threat Actors ?"7® 


4.3 PREVENTATIVE MEASURES 
Using TOPS helps a user STOP problems through mitigation. 


e "What are preventative measures | can take to address my weaknesses in my Digital 
Exhaust?"?” 


4.4 STRENGTHS 
Using TOPS helps a user’s decision-making as it pertains to what OPTS | choose to execute. 


e Dol opt out of data?® 

e Dolopt into a service to help me control my personal information? ¥° 

e Doloptto create disinformation, which pollutes the data broker ecosystem 
© Dol opt to do nothing and allow misinformation to circulate to my advantage? 7? 


2 20 


It all factors into the question a user can ask through TOPS: 


e "What are my strengths in regard to where my Digital Exhaust is controlled?"2 


4.4.1 TOPS Output 


As it pertains to user’s Digital Exhaust, you can use this framework and choose what makes up your 
personal information's Key Assets. 


e It is only then a user can begin assessing how their Digital Exhaust can be exploited and can 
begin building preventative or protective measures to mitigate their risk across a spectrum of 
tracking capabilities their family and they face personally. 

e = This framework can aid a user in understanding and shifting how they interact with their Web 
Browser, Mobile Phone and Mobile Apps, Social Media platforms and the totality of their privacy 
settings, which can be used for their benefit. The primary issue for a user is and will always be 
the intent of who can exploit the totality of their Digital Exhaust and for what purpose.”? 


4.5 PERSONAL INFORMATION "Key ASSETS" 


Personal Information key assets are critical pieces of a user’s personal information that deserve special 
protection because of their destructive potential.” 


e This Guide defines destructive potential as any key assets that if exposed publicly, could help 
targeting efforts by threat actors who could endanger a user’s family or themself through 
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intimidation or physical violence and/or damage my reputation or finances through identity 
theft or financial swindles. 


4.5.1 Types of Key Assets 
How does a user show what key assets within their personal information require special protection? 


e For this Guide, the following key assets are the ones that users should apply preventative 
measures to include: 


e First and Last Name 

e Date of Birth 

e Home Address 

e Social Security Number 
e Username(s) 

e £-Mail Address(es) 

e IP Address(es) 

e Telephone Number(s) 

e Credit Card Number(s) 


4.5.2. Preventative Measures Applied To "Key Assets" 


Once a user has named what threat actors they may meet, they can begin evaluating the totality of 
preventive measures and tailor them to be employed to thwart specific or all threat actors. These 
preventative measures may range from: 


e Ensuring simple privacy settings are configured correctly. 

e To mitigating physically consequential risks associated with their personal telephone number, 
home address and people search sites. 

e Mitigating advanced threats such as ensuring a user has properly reduced any emissions of their 
Digital Exhaust on issues such as Online Behavioral Advertising, which looks to use a user’s 
Activity-Based Intelligence to figure out their Patterns-of-Life, through Mobile Advertising, 
Behavioral Targeting, Categorical Targeting, Retargeting, Search Retargeting, and Dynamic Ads. 

e Tomore subtle yet intrusive issues like ensuring a user has 

Mitigated Intelligent Tracking Prevention techniques, 

Identified and disabled location tracking, 

Disabled their photo's metadata, 

Ensured they have deidentified their debit and credit card’s ability to track their card 

transaction data, 

o And prevented their Web Browser from actively exploiting their Browser’s unique 
fingerprint. 


Oo -O: -O' © 
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Ele THEDATA 5 THE GUIDE 
| Df rie rvees or pasa aon een communes ADMIT To cout terING Presently, the FBI actively investigates a broad range of threat actors, 


many of whom have resources and technical abilities that can be used 
to target FBI employees and their families. 


e These threat actors will continue to exploit the ever-increasing 
variety, volume, and speed of data sources to target FBI employees and 
their families, which requires the deployment of preventative 
measures. 


(| 


e Perform these opt out steps to control your digital exhaust. 
Progress through the Guide in the order presented for best results. 


Q 
+ 


5.1 SECURING YOUR WEB BROWSER 


Tracking of browsing behavior is part of the daily routine of internet 
use. Companies use it to adapt ads to the personal needs of potential 
clients or to measure their range.7° 


a 
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5.1.1 Tracking Cookies 


Cookies are a way to store user settings for websites locally in the 
browser.’ For example, you might set your preferred time zone, which 
would result in a cookie being created in your browser with that 
setting. 


5.1.2 Browser Fingerprinting 
Browser Fingerprinting, which is difficult to block, is based on the idea 
that every computer configuration is unique in some way.” 


’ 


e A lot of that data is directly available to the sites you visit, 
usually for compatibility purposes. 

e While cookie tracking works by placing a unique identifier on a 
person’s web browser, fingerprinting takes place when a company 
creates a profile of your device’s unique characteristics. 


All web browsers collect the following 10 types of data about you: 
1. Your hardware and software. 

2. Your connection information (to include your IP address and 
browser speed). 

3. Your geolocation data. 

4. Your browsing history.” 
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SECURITY 
| 3 BARON 


Your mouse or touch pad movements. 

Your device’s orientation (if using a Mobile browser). 

Your information about which social networks you are logged into while browsing.*° 

Your installed fonts and which language you are using on your operating system. 

Your image data. 

10. In addition, other technical data, including your screen size, touchscreen support, user agent, 
status of the Do Not Track (DNT) header, and more. 


£0200: SOO 


5.1.3. Web Browser Extensions and Add-Ons 
Google Chrome and Mozilla Firefox supply straightforward ways to combat this including the use of add- 
on “extensions” which serve you by building layers of security into those browsers. 


e Visit the articles at the URLs below for advice about these types of extensions then view the 
sample user extension setups for Chrome and Firefox to get a feel for how you can control 
collection on your 10 data types. 

e NOTE: The Guide suggests adding the extension found below as Protect My Choices first on all 
your browsers then adding Ghostery second followed by others. 

e = This order will first opt your browsers out of interest-based advertising (aka online behavioral 
advertising) then, second, protect them by blocking tracking ads altogether. 

e Besure to test your browser after setup of add-on extensions to detect any continued 
unwanted collection or transmission of your data. 

e This can be done via open-source tools like Webkay (What Every Browser Knows About You) and 
Panopticlick; the URLs for these websites are available in Section 3.1.2. 


5.2 ONLINE BEHAVIORAL ADVERTISING 

Also called “Interest-based advertising”, online behavioral advertising targets users with ads based on 
third-party predictions of their interests and preferences.*! These predictions are based upon data 
collected from their devices’ web viewing behavior over time and across non-affiliated websites. 


e You cancontrol some of this collection via your web browser’s privacy controls, by choosing to 
Opt Out from the online behavioral advertising services run by the Network Advertising Initiative 
(NAI) and Digital Advertising Alliance (DAA), and by resetting your mobile advertising identifier 
(see section 3.6.1).22 

e Further information about online behavioral advertising is available at the Association of 
National Advertisers at URL https://www.ana.net/about. 

e You can also enable your browser to run a privacy tool like Ghostery, which blocks advertising 
attempts to gain access to your information. Ghostery can be read about at the URL 


https://www.ghostery.com/?2 
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5.2.1 Browser Privacy Controls 
Chrome http://support.google.com/chrome/bin/answer.py ehl=en&answer=95647 
Firefox http://support.mozilla.org/en-US/kb/Enabling and disabling cookies#w_how- 

do-i-change-cookie-settings 
Internet http://windows.microsoft.com/en-US/internet-explorer/delete-manage- 
Explorer cookies#ie=ie-11 
Safari https://support.apple.com/guide/safari/manage-cookies-and-website-data- 
sfri11471/mac 
Opera http://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/ 
Chrome https://support.google.com/chrome/answer/2392709 ?hl=en 
Firefox https://support.mozilla.org/en-US/kb/clear-your-browsing-history-and-other- 


Desktop 


personal-dat 
Internet http://www.windowsphone.com/en-us/how-to/wp7/web/changing-privacy- 


Explorer and-other-browser-settings 


Mobile 


Safari https://support.apple.com/en-us/HT201265 

Opera http://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/ 
Silk http://www.amazon.com help/customer/display.html?nodeld=201730580 
Android Click top right corner with three dots, Settings, Privacy 

Browser 


5.2.2 Online Behavioral Advertising Services 
Network Advertising Initiative (NAI) http://optout.networkadvertising.org/2c=1 
Digital Advertising Alliance (DAA) http://www.aboutads.info/choices, 
WebChoices Tool 
AppChoices (Mobile Apps) http://www.aboutads.info/appchoices 
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6 PRIMARY DATA BROKERS 


Data brokers collect and sell data about consumers.* *° They do not have a direct relationship with 
anyone they collect about, but they do sell data to other parties, like companies or individual marketers, 


for their commercial purposes. 


Primary Data 


Broker 


36,37,38,39,40, 41 Primary data brokers sell data to other data brokers.” 


Opt Out Method 


Marketing Choice 


Acxiom https://isapps.acxiom.com/optout/optout.aspx 

CoreLogic https://www.corelogic.com/privacy-policy/ It is recommended you contact them 
via the email privacy@corelogic.com and you can provide them with 
documentation to opt out available at URL 
https://www.corelogic.com/downloadable-docs/teletrack-out-opt-form.pdf 

Oracle Data https://datacloudoptout.oracle.com/optout 

Cloud 

Epsilon 1. Email optout@epsilon.com; or, 
2. Call 1-888-780-3869; or, 
3. Send mail to Epsilon, P.O. Box 1478, Broomfield, CO 80036 

AddThis https://www.addthis.com/privacy/email-opt-out 

Data and https://dmachoice.thedma.org/register.php (Please note that DMA is now 


charging a $2 fee to register online. If you do not wish to pay $2, you can use the 
following URL https://dmachoice.thedma.org/prefill mailin registration.ph 
to fill out a form and mail your request into DMA.) 


Direct Mail http://www.directmail.com/mail preference 

E-Bureau http://www.ebureau.com/privacy-center/opt-out for Opting Out will now route 
you to TransUnion's Opt Out link. It should be noted that older Opt Out guidance 
lists Opting Out of E-Bureau so simply Opt Out through TransUnion. 

Experian https://www.experian.com/privacy/opting out.html 

Opt Out https://www.optoutprescreen.com/selection 

Prescreen 

TowerData https://instantdata.towerdata.com/optout 

TransUnion https://www.transunion.com/customer-support/marketing-offers-opt-out 

Consumer 


6.1 REAL ESTATE ONLINE LISTINGS 
You should consider removing pictures of your home from real estate services’ online listings. These 
often display both exterior and interior images of your residence. 


e Further privacy can be achieved by suppressing curbside images of your home from showing in 
Google Street View and Bing Curbside. More advice can be at this URL 
https://www.thebalance.com/remove-old-home-photos-from-real-estate-websites-4102195 
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6.1.1 Real Estate Online Service Privacy Links 


Service Privacy Settings 


Zillow https://zillow.zendesk.com/hc/en-us/articles/218578357-Owner-Dashboard 
https://zillow.zendesk.com/hc/en-us/requests/new 

Trulia https://support.trulia.com/hc/en-us/requests/new 

Realtor Sign up, control of listing 

Beatin Sold-Home 

Movoto Contact customercare@movoto.com 

Homesnap — Contact support@homesnap.com 


6.1.2. How to Remove Curbside Pictures of Your Home 


Service Privacy Settings 


Google https://www.wikihow.com/Opt-Out-of-Google-Street-View 

Street View https://support.google.com/websearch/answer/4628134?hl=en 

Bing https://www.bing.com/maps/privacyreport/streetsideprivacyreport?bubbleid=198628 
Streetside 406 
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7 SOCIAL SECURITY NUMBER 


The following information from the Social Security Administration (SSA) explains how the nine-digit 
SSAN (aka SSN) is composed of three parts. More available at URL 
https://www.ssa.gov/history/ssn/qgeocard.html 


e The first set of three digits is called the Area Number. 
e The second set of two digits is called the Group Number. 
e The final set of four digits is the Serial Number. 


~Area Number 
- Group Number 
> Serial Number 


5 wGugeh hen ape peTARCES Fon 


JOHN DOE 


Jokn Doe 


7.1.1 Area Number 
The Area Number is assigned by the geographical region. Prior to 1972, cards were issued in local Social 
Security offices around the country and the Area Number stood for the State in which the card was 
issued. This did not necessarily have to be the State where the applicant lived, since a person could 
apply for their card in any Social Security office. 


e Since 1972, when SSA began assigning SSNs and issuing cards centrally from Baltimore, the area 
number assigned has been based on the ZIP code in the mailing address provided on the 
application for the original Social Security card. 

e The applicant's mailing address does not have to be the same as their place of residence. Thus, 
the Area Number does not necessarily stand for the State of residence of the applicant, prior 
either to 1972 or since. 

e Numbers were assigned beginning in the northeast and moving westward. 

e Therefore, people on the east coast have the lowest numbers and those on the west coast have 
the highest numbers. 


e In 2007, the SSA gave public notice that it intended to abandon its previous method for 
choosing Social Security numbers and instead to go to a random process for assignment. The 


SSA followed through with that change in June 2011. 
7.1.2. Group Number 


Within each area, the group number (middle two (2) digits) range from 01 to 99 but are not assigned in 
consecutive order. 
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e For administrative reasons, group numbers issued first consist of the ODD numbers from 01 
through 09 and then EVEN numbers from 10 through 98, within each area number distributed to 
a State. 


e After all numbers in group 98 of a particular area have been issued, the EVEN Groups 02 through 
08 are used, followed by ODD Groups 11 through 99. 


7.1.3 Serial Number 


Within each group, the serial numbers (last four (4) digits) run consecutively from 0001 through 9999. 
When the government introduced the Social Security program with its numbers in 1936, it was never 
meant to be so widely used to find and track individuals. 


e Today, this number is used for everything from its original purpose — to track your lifetime 


earnings and calculate your Social Security benefits — to opening a checking account or fill out a 
new-patient form at the doctor's office. 


e Inthe United States, many businesses will ask for your Social Security number simply because it 
is a convenient way for them to find customers. 

e Unfortunately, threat actors can use your Social Security number to commit identity theft, so 
you should always guard your Social Security number carefully and only give it out when 
necessary. 


7.2 PROTECTING YOUR SSN 


Now that you understand what makes up an SSN, here are some simple ways you protect your SSN: 


7.2.1 Offer an Alternative Form of Identification 


If a business or organization asks for your Social Security number, offer your driver’s license number 
instead. 


e Other alternative forms of ID include a passport, proof of current and earlier address (bills) or 
even a student ID from a college or university. 


7.2.2. Ask Why and How the SSN Will Be Handled 


If the business insists, ask questions. You have a right to know why it is necessary to supply your SSN and 
how it will be handled. Here are some questions: 


e Why is having my SSN necessary? 
e With whom will you share my SSN with if | provide it? 
e How will my SSN be stored? Will it be encrypted? 
e Doyou have a privacy policy, and may | see it? 
e Will you cover my liability or losses if my SSN is stolen or compromised? 
o Unfortunately, if you are asked to supply your SSN by a business or institution that does 
not need it and you say no, it can refuse to supply services to you or put conditions on 
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the service—such as a deposit or added fees. However, the question to always ask is “do 
| want to do business with a business that does not care about my privacy concerns?” 


7.2.3. Leave Your Card at Home 
Do not carry your card around with you in your wallet or purse. 


e Donot enter it into your phone, laptop, or other device. It is unlikely you will need your card and 
when you do need it, it does not come as a surprise. 


7.2.4 Shred Mail and Documents with Personal Details 
Discarded mail and documents are easy places for identity thieves to search. Do not just throw out 
papers that hold personal details such as your SSN. 


e Geta shredder at a discount or office supply store and use it on a regular basis. 
e Do not leave mail in an outside mailbox for prolonged periods. Stealing mail is another way a 
thief can make off with your identity. 


7.2.5 Do Not Use Your SSN as a Password 
Do not use the whole number—or part of it—as a password for anything! The password file can be 
stolen and decrypted, or someone can just watch you type it in from over your shoulder. 


e Also, if you need to require it for legitimate purposes in a public place, be careful who may be 
able to eavesdrop on your conversation. 


7.2.6 Do Not Send Your SSN via Electronic Device 
Never type your SSN into an email or instant message and send it. Most email messages can be 
intercepted and read in transmission. 


e Also, do not leave a voice mail that includes your SSN. If you need to contact someone and give 
them your number, it is always best to do so in person. 

e If you need to do so on the phone, ensure you are speaking to the right person, so you are not 
swindled. 


7.2.7. Do Not Give Your SSN Out 
You should never supply your SSN to someone you do not know who calls you on the phone and 
requests it. This same warning applies to unsolicited emails and any forms you fill out on the internet. 


e In general, do not give your SSN to anyone unless you are certain they have a reason and a right 
to have it. 


7.2.8 Monitor Bank and Credit Card Accounts 
Keep close tabs on your bank and credit card balances. 


e This is one way to make sure your SSN and identity have not been compromised. 
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e Many banks let you sign up for account alerts. They will send you text alerts or call you if 
transactions exceed a certain amount or if someone tries to use your SSN to access your 
account. 

e You canalso check your credit score on a regular basis at AnnualCreditReport.com. You can do 
this once a year free. 

e If the Social Security Administration is still sending you an annual statement detailing your 
earnings, and it looks abnormal, someone might be using your SSN for employment purposes. 
You can register to get statements at the Social Security Administration's website. 


7.2.9 Use an Identity Protection Service 
You can register with (and pay for) an identity protection service such as LifeLock, IdentityForce, or 
Identity Guard. 


e Such services supply identity insurance—for a fee, that typically starts around $10 per month. 


e Banks and credit unions also have packages they sell to customers, as do major credit rating 
agencies such as Experian and TransUnion. 


7.2.10 Do Not Forget to Protect Your Child's SSN 


e While you are protecting your own Social Security number, make sure you are equally watchful 
about your children's numbers. 


7.2.11 Block Access to Your SSN 

e Electronic and phone access to SSN information can be blocked by going to the Block Electronic 
Access page on the Social Security Administration's website. Once there, you will verify your 
identification and confirm your intention to block your Social Security number. 

e Blocking your number will prevent access by anyone, including you. If conditions change or you 
need access to your information, the block can be lifted either permanently or temporarily by 
contacting the Social Security Administration. 

e If you would like more information about the benefits of blocking your SSN, read the article at 
URL https://www.sapling.com/6926296/block-social-security-number 


Service URL 
SSA Block Electronic Access Page https://secure.ssa.gov/acu/IPS_INTR/blockaccess 
SSA Contact Page http://www.socialsecurity.gov/agency/contact 


Office of the Inspector General: SSA __https://secure.ssa.gov/ipff/home 


Scam Reporting Form 


7.2.12 E-Verify 
E-Verify, authorized by the Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (IIRIRA), 
is a web-based system through which employers electronically confirm the employment eligibility of 
their employees. 


e  E-Verify is administered by SSA and U.S. Citizenship and Immigration Services (USCIS). USCIS 
facilitates compliance with U.S. immigration law by supplying E-Verify program support, user 
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support, training, and outreach, and developing innovative technological solutions in 
employment eligibility verification.*? 


7.2.13 E-Verify Self Lock 


Self-Lock is the unique feature that lets you protect your identity in E-Verify and Self Check by placing a 
"lock" on your Social Security number (SSN). 


e This helps prevent anyone else from using your SSN to try to get a job with an E-Verify 


employer. 
If an employer enters your locked SSN in E-Verify to confirm employment authorization, it will 
result in an E-Verify mismatch, called a Tentative Nonconfirmation (TNC).”* 


7.2.13.1 Using E-Verify Self Lock 


To access Self Lock, you must be logged in to your myE-Verify account. To lock your SSN, you must enter 


your SSN and date of birth. myE-Verify does not store your SSN when you create your account, so you 
must supply your SSN to "lock" it. 


e = Inaddition, you must select and answer three challenge questions. Select questions you can 


easily answer, because you will need to answer them again to verify your identity if you receive 
an E-Verify Tentative Nonconfirmation due to Self-Lock. 
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8 PEOPLE SEARCH SITES 


People search sites enable the public to search names and other personally identifiable information.*” *© 


47,48 Returns from these searches include property addresses, points of contact, family members, aliases, 
and more associated with the searched information with varying degrees of accuracy. 


People Search Site Opt Out Method 


Addresses https://www.intelius.com/opt-out/submit 

Archives http://www.archives.com/?_act=Optout 

BeenVerified https://www.beenverified.com/f/optout/search 

Cubib https://cubib.com/optout.ph 

FamilyTreeNow https://www.familytreenow.com/optout 

FastPeopleSearch https://www.fastpeoplesearch.com/removal 

Instant Checkmate https://www.instantcheckmate.com/opt-out 

Intelius https://www.intelius.com/optout 

Lexis Nexis https://www.lexisnexis.com/en-us/privacy/for-consumers/opt-out-of- 
lexisnexis.page? 

Peek You https://www.peekyou.com/about/contact/optout 

People Finders https://www.peoplefinders.com/opt-out 

People Smart https://www.peoplesmart.com/optout-go 

People Wiz https://www.peoplewhiz.com/remove-my-info 

Pipl https://pipl.com/help/remove 

Radaris https://radaris.com/ng/page/removal-officer 

Social Catfish https://socialcatfish.com/opt-out 

Spokeo https://www.spokeo.com/optout 

SpyFly https://www.spyfly.com/help-center/remove-info 

ThatsThem https://thatsthem.com/optout 

TruePeopleSearch https://www.truepeoplesearch.com/removal 

USA People Search https://www.usa-people-search.com/manage 

White Pages https://www.whitepages.com/data-polic 

USPhoneBook http://www.usphonebook.com/opt-out 
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Q MOBILE PHONES AND MOBILE BROWSING 


For most of us, our mobile phone is the single most valuable tool we carry, but malicious actors can also 
use it against us.” It is important to know what your phone holds” and how it can make you vulnerable 


to attacks.** 


e Mobiles phones have a variety of sensors and software, which generate data useful for finding 


and tracking you. 


52,53,54,55, 56 


e Check your location settings and advertisement settings via advice below. Be aware smartphone 
apps could also leak your personal data to include your location.°7°%°%© § 
e Privacy advice for safely downloading smartphone apps can be read at the URL 


Apple and Android technology settings. 


9.1.1 


-smartphone-apps/ and below for 


Mobile Phones 


Platform Technology Privacy Advice 


Location https://www.digitaltrends.com/mobile/android-privacy-guide 
Settings Pixel only: https: 
google-pixel-0193251/ 

Limit App : 
Store out-of-personalized-ads 

Android | Interest- 
based Ads 
Limit Ad https://support.google.com/accounts/answer/2662856 ?co=GENIE.Platform%3DDesktop&oco=1#everywhere 
Tracking 
Location https://support.apple.com/en-us/HT207092 
Settings 
Limit Ad https://support.apple.com/en-us/HT202074 
Tracking 

Apple Limit App https://support.apple.com/en-us/HT202074 
Store 
Interest- 
based Ads 
Reset 

Apple Mobile . 

and Advertising 
Android Identifier 
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9.2 IPHONE PRIVACY SETTINGS 


Apple in June 2021 introduced the latest version of its iOS operating system, iOS 15, which was released 
in September 2021. Apple’s iOS 15 is the latest version of the mobile operating system and features 
several new privacy features that were not previously available with older operating systems. The 
newest privacy features are as follows: 


9.2.1 Custom Alphanumeric Code 
With the rollout of iOS 15, you can now generate a strong passcode using Custom Alphanumeric Code if 
you suspect someone knows your passcode.” To do so, complete the following steps: 
e Goto Settings > Face ID & Passcode (or Touch ID & Passcode). 
e Turnon Face ID/Touch ID. 
e Turn onscreen Auto-Lock. 
Go to Settings > Display & Brightness and tap Auto-Lock and set to 30 seconds or 1 minute. 
e Make sure iOS is up to date. 
Go to Settings > General > Software Update and make sure Automatic Update is enabled. 
e Keep all your apps updated. 
Go to Settings > App Store and make sure App Updates are enabled. 


9.2.2. Record App Activity 
A new feature in iOS 15 is the ability to log what apps are up to on your iPhone. The feature is called 
Record App Activity, and this allows you to get a lot of when an app does one of the following®: 


e The user's photo library 

e Acamera 

e The microphone 

e The user's contacts 

e The user's media library 

e Location data 

e Screen sharing 

e To enable this feature, go to Settings > Privacy and then scroll down to find Record App 
Activity. 


9.2.3. Built-in Authenticator 
With the rollout of iOS 15, users have the option to use a built-in authenticator rather than simply 
choosing to use a third-party two-factor authenticator app.™ If you choose to use this feature, simply 
follow the steps below: 

e Got to Settings > Passwords, and then for each password entry, you can tap on it to get access 
to a choice called Set Up Verification Codes... which allows you to enter the information needed 
either using a setup key or QR code. 

e Using a two-factor authenticator is far more secure than relying on SMS messages, so you 
should use this feature either using Apple's authenticator or another app to get the highest 
security. 


9.2.4 Hide Your IP Address from Trackers 
Safari can now cloak your IP address from trackers on websites, making it impossible for your browsing 
to be logged.®° 
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e Go to Settings > Safari and set Hide IP Address to From Trackers. 


9.2.5 Secure your browsing 
If you have an iCloud+ subscription, Apple has just given you a great reason to use the Safari browser -- 
iCloud Private Relay. This is like a VPN in that it sends your web traffic through other servers to keep 
your location secret. 
e To enable iCloud Private Relay, you will need an iCloud+ subscription. 
e Then go to Settings, and at the top, tap your name and then go to iCloud and enable Private 
Relay. 


9.2.6 Stopping Email Trackers 
Protect Mail Activity is a feature built into the Mail app that prevents people from knowing if emails 
have been opened.®” 
e To enable this feature, go to Settings > Mail, tap on Privacy Protection and enable Protect Mail 
Activity. 
e If iCloud Private Relay is a good reason to switch to Safari, then this feature is a good reason to 
switch to Mail. 


9.2.7 Privacy-focused Apple Calendar Settings 
While there is no known open-source reporting about Apple calendars being used by threat actors to 
target users through the creation of messages used in phishing schemes or social engineering attacks, 
the following URLs will help you ensure your Apple Calendars are configured properly. 


Browser Privacy Control URL 

Apple Calendar https://support.apple.com/kb/PH2690?locale=en_US 
(Share Calendars) 

Apple Calendar https://support.apple.com/guide/icloud/stop-sharing-a- 
(Stop Sharing Calendars) calendar-mm6b1a8f9f/icloud 


9.2.8 iPhone App Store Personalized Recommendations 
Click on the Account Settings button, which will prompt you for your passcode or a biometric identifier. 
Once in, look for the setting entitled Personalized Recommendations. 


e If the switch is green, the settings is enabled, and you iPhone will send you Personalized 
Recommendations. Ensure the switch is not green to disable this feature. 

e Apple describes Personalized Recommendations as ““when you download from a Store, or install 
an app on your Apple Watch, identifiers such as Apple logs your device’s hardware ID and IP 
address along with your Apple ID. Apple further describes that they find ways use information 
about your browsing, purchases, searches, and downloads. These records are stored with IP 
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address, a random unique identifier (where that arises), and Apple ID when you are signed into a 
Store “at the URL https://support.apple.com/en-us/HT208477 


Account Settings 


Apple ID 


Editing your Apple ID and password will take you to 
appleid.apple.com. 


Family Sharing 


Country/Region 


The country/region for your Family is managed by 


Add Funds to Apple ID 


Ratings and Reviews 


Personalized Recommendations 


When Personalized Recommendations is turned on, your 
downloads, purchases, and other activity will be used to 
improve your recommendations on the iTunes Store, the 
App Store, and Apple Books. 


9.2.9 Country/Region Settings 
It is important to note that US users should ensure the Country/Region is set to the United States and 
not set to a different country. 
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e Amisconfiguration of these setting risks having all your account’s data transferred to another 
country beyond the protections afforded by the US Constitution AND may directly expose it to 
threats from any government who’s Intelligence or Law Enforcement services may or may not 
have means to decrypt what is stored in their country. 

e Additional information on tips on how to ensure your safety when traveling to high-risk areas 
can be found at the URL https://travel.state. gov/content/travel/en/international- 
travel/before-you-go/travelers-with-special-considerations/high-risk-travelers.html. 


9.3 IPHONE ADS AND LOCATION SETTINGS 

This section guides you how to control your iPhone’s Analytics and Advertising, Location Services, 
ability to deliver Location-based Apple Ads, track your Significant Locations, and ability to deliver 
Personalized Recommendations through your location. This URL will inform you how your iPhone 
shares analytics, diagnostics, and usage information with Apple. 


e With the rollout of Apple’s new iOS 15, the following tips are still applicable though users have a 
greater ability to manipulate privacy settings within iOS 15. This URL will inform you on some 
key features within iOS 15 that will better enhance your iPhone Analytics. 


Share iPhone Analytics 


Analytics Data 


Help Apple improve its products and services by 
automatically sending daily diagnostic and usage data. Data 
may include location information. Analytics uses wireless 


data. About Analytics & Privacy... 


Share iCloud Analytics 


Help Apple improve its products and services, including Siri 

and other intelligent features, by allowing analytics of usage 
and data from your iCloud account. About iCloud Analytics & 
Privacy... 


9.3.1 iPhone Advertising 
Click on the "Reset Advertising Identifier" section periodically to ensure you are controlling what Apple 
describes as "Segments" of your personal information and data.® If you would like to know more about 
the information used by Apple to deliver relevant Apple ads to you in Apple News and the Apple App 
Store, click the "View Ad Information" section to view your personalized data. 
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e You can read more about “segments” at the URL https://support.apple.com/en-us/HT205223 


€ Privacy Advertising 


ALL ADVERTISERS 


Limit Ad Tracking 


Reset Advertising Identifier... 


Opt out of receiving ads targeted to your interests. You may 
still receive the same number of ads, but the ads may be less 
relevant to you. 


ADVERTISING IN APPLE APPS 


View Ad Information 


View the information used by Apple to deliver more relevant 
ads to you in Apple News and the App Store. Your personal 
data is not provided to third-parties. 


About Advertising & Privacy... 


9.3.2 iPhone Location Services 
Open Settings and tap Privacy. You will now see the Location Services as shown in the graphic. According 
to Apple, Location Services uses GPS and Bluetooth (where available), along with crowd-sourced Wi-Fi 
hotspots and cellular towers to find the approximate location of your device.°° 


e The website also describes Apps won't use your location until they ask for your permission and 
you allow permission." Review this for yourself at the URL https://support.apple.com/en- 
us/HT207092 ”° 

e Click on Location Services and you will see all the Apps your phone has installed and what type 
of access you have given each App about using your iPhone's location. You have three options 
available: "Always", "While Using The App" and "Never". 

e What setting you use depends on your preferences so after you evaluate your App location 
settings, scroll to the bottom of the page, and look for System Services, as shown in the graphic. 
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9.3.3. iPhone Location-based Apple Ads 


Sy] System Services 4 


~{ Ahollow arrow indicates that an item may receive your 
location under certain conditions. 


-f Apurple arrow indicates that an item has recently used 
your location. 


-~ A gray arrow indicates that an item has used your location in 
the last 24 hours. 


Then, 
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< Back System Services 


Cell Network Search 


Compass Calibration 


Emergency Calls & SOS 
Find My iPhone 

Homekit 

on-Based Alerts 
Location-Based Apple Ads 


on-Based Suggestions 


Motion Calibration & Distance 
Setting Time Zone 
Share My Location 
Wi-Fi Networking & Bluetooth 


Significant Locations 


PRODUCT IMPROVEMENT 


iPhone Analytics 
Popular Near Me 


Routing & Traffic 


9.3.4 iPhone Significant Locations 
The Significant Locations setting allows your iPhone to keep track of places you have recently been as 
well as how often and when you visited them.” 
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e Apple explains these data are "encrypted and stored only on your device and will not be shared 
without your consent. It is used to provide you with personalized services, such as predictive 
traffic routing, and to build better Photos Memories" at the URL https://support.apple.com/en- 
us/HT207056 


€ Settings Privacy 


Location Services On 


' Contacts 


Calendars 


Reminders 


9.3.5 Find My 
Within iOS 15, the Find My app introduces new abilities to help locate a lost device that has been turned 
off or erased using the Find My network.” Any trusted connections to a user can share their location 
with which will continuously live-stream their location to provide a sense of direction and speed.’”? There 
are also new Separation Alerts to notify a user if they leave an AirTag, Apple device, or Find My 
accessory network behind in an unfamiliar location.” 


9.4 ANDROID PRIVACY SETTINGS 

Your Android phone includes records of everywhere you go alongside most, if not all, of your digital 
communication and Internet search history.” The following section is designed to help users to 
understand and adjust privacy settings and reduce their Digital Exhaust. ”° 


9.4.1 Connected devices 
e On the Settings screen, tap Connected devices. 
e If there are any connections you are not using right now, such as Bluetooth, tap them and toggle 
them off. Only enable connections when you truly need them. This limits the ways your device 
could be compromised and limits how your location can be tracked.” 


9.4.2 Apps & Notifications 
e Inthe top left, tap the back arrow until you are back to the Settings screen. Then, tap Apps & 
notifications. 
e Tap See all # apps. Go through the App info list and for any that, you do not truly need, tap the 
app, and then tap Uninstall. Many pre-installed apps cannot be uninstalled, so you will not see 
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an Uninstall button. For those, you can tap Disable to turn the app off and hide it from your 
device.” 

In the top left, tap the back arrow. Then, tap the Permission manager. Tap each permission 
(Body sensors, Calendar, etc.) to see the apps with that permission. If any app should not have 
the permission, tap it, and then tap Deny. 

In the top left, tap the back arrow. Then, tap Advanced, then Emergency alerts. Toggle on any 
emergency alerts you want to receive. 
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Permission manager 


Body sensors 
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Calendar 


Call logs 


allows 


Camera 


Contacts permission 


Chrome 


CONTACTS ACCESS FOR THIS APP 


Allow 


Deny 


See all Chrome permissions 


Display 
In the top left, tap the back arrow until you are back to the Settings screen. Then, tap Display. 
Tap Screen timeout. Choose a brief time (| recommend 1 minute or less). When you add a 
screen lock later, this will cause the screen to lock after a brief period, preventing others from 
using your device. 
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9.4.4 


9.4.4.1 


Go back to the Display screen, then tap Advanced, and then Lock screen display, then Lock 
screen. | recommend choosing Don’t show notifications at all, because notifications can reveal 
sensitive data (messages, calendar reminders, etc.). 

Tap Lock screen message. Here you can set a message that shows on the lock screen. If a Good 
Samaritan finds your device, this will tell them how to contact you. However, do not give away 
too much personal info, because a nefarious person could use it against you. Do not put your 
home address. | recommend putting a phone number and/or email address. 


Android Privacy 
In the top left, tap the back arrow until you are back to the Settings screen. Then, tap Privacy.”° 
Tap Autofill service from Google, if you want your device to automatically fill in personal info, 
addresses, and passwords for you. If you previously enabled this and now want to disable it, | 
will tell you how in the System section. 
Go back to the Privacy screen, then tap Advanced, then Activity controls. | recommend that you 
toggle off as many as possible; to reduce the amount of data Google collects about you. | cover 
these controls in the Google Account Security & Privacy Guide. 
Go back to the Privacy screen, and then tap Ads. Toggle on Opt out of Ads Personalization to 
reduce the amount of data Google collects about you. 
Go back to the Privacy screen, and then tap Usage & diagnostics. | like to share data that helps 
make software and services better if my data is anonymized. If you prefer, you can toggle Off. 


Location 
In the top left, tap the back arrow until you are back to the Settings screen. Then, tap 
Location.** 
If you do not want to use the location at all, you can toggle off Use location. Note that location 
must be on for Find My Device to work (which lets you remotely find, lock, and wipe/erase your 
device).® 
Tap Wi-Fi and Bluetooth scanning. | recommend toggling these off unless you truly need exact 
locating. If you toggle these on your device can use Wi-Fi and Bluetooth signals for location, 
even when you have turned off Wi-Fi and Bluetooth. 


9.4.4.2 Android Security 


In the top left, tap the back arrow until you are back to the Settings screen. Then, tap Security.” 
Tap Google Play Protect, then the gear icon in the top right. Toggle on Scan apps with Play 
Protect and Improve harmful app detection.® 
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Play Protect settings 


General 


Scan apps with Play Protect 


an 


Protect can scan this device and 
you about harmful apps 


Improve harmful app detection 


oend 


pette 


9.4.4.3 


unknown apps to Google for 


r detection 


Go back to the Security screen, and then tap Find My Device. It is recommended toggling this 
on. It allows you to remotely find, lock, and wipe/erase your device if it becomes broken, lost, or 
stolen. 

Go back to the Security screen, and then tap Security update, if you see it. If it shows an 
available update, install it. 

Go back to the Security screen, and then tap Screen lock. Setting a password is best, but 
because it is annoying to type a password on a mobile device, consider setting a pattern or PIN. 
Ensure the pattern is complex, and the PIN is at least 6 digits (the longer, the better). 

Go back to the Security screen, and then tap Fingerprint. You can choose to use your fingerprint 
along with another screen lock method. 

Go back to the Security screen, and then tap Advanced, then Encryption & credentials. If you 
do not see Encrypted under Encrypt phone, then tap it to enable encryption. Encrypting your 
device is one of the best things you can do to secure it, because it means that if someone steals 
your device, they will not be able to see or copy your data off the device. 


Text (SMS) Message Security 


Text (SMS) messages are not secure. |f you are communicating about anything sensitive or 
confidential, you consider a secure, private messaging app. 


9.4.4.4 Accounts 


In the top left, tap the back arrow until you are back to the Settings screen. Then, tap Accounts. 
Android is meant to be used with a Google account. If you sign into a Google account, you will 
have many more options. However, you can use an Android device without a Google account. 
Another choice is to create a separate Google account that you use just for Android, and do not 
use it for anything else. 
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e You can toggle Automatically synchronize data if you want apps to automatically synchronize 
with accounts. If you toggle it off, you can still manually synchronize accounts. 

e Tap an account, and then tap Account sync to customize what is synchronized. Toggle off any 
items that you do not need to be synchronized to your device. 


Google Play Movies & TV 


Google Play Music 
sync is OF 


People details 


‘Ola 
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9.4.4.5 Android Anti-Malware 


It is always recommended that you use antivirus software to protect your Android device. 
One choice is to manually scan weekly (run an on-demand scan), rather than having an anti- 
malware app run constantly in the background (sometimes called real-time scanning). 


9.5 GOOGLE ACCOUNT SETTINGS 


9.5.1 


In the top left, tap the back arrow until you are back to the Settings screen. Then, tap Google. 
Tap Account services, then Connected apps. You will see the apps and devices connected to 
your Google account. If any should be disconnected, tap them, and click Disconnect. 

In the top left, tap the back arrow until you are back to the Account services screen. Then, tap 
Search, Assistant & Voice, and then Google Assistant. Google Assistant is, well, Google’s digital 
assistant, the equivalent of Amazon’s Alexa and Apple’s Siri. To work, Google Assistant sends a 
lot of data about what you say, type, and do to Google. If you do not want to use it, tap the 
Assistant tab, and scroll down to Assistant devices. Tap your device. Then, toggle off Google 
Assistant. 

Anyone who is near your Google speaker or display device can request information from it, and 
if you have given your device access to your calendars, Gmail or other personal information, 
people may be able to ask your device about that information, depending on your personal 
results settings and Voice Match settings. Google employees and trusted third parties can also 
access your conversation history in line with Google’s Privacy Policy. 


Google Assistant 


Google Assistant 


9.5.2 


If you want to use Google Assistant, go back to the Account services > Search, Assistant & Voice 
screen and configure the settings in Google Assistant and Voice. 

If your child will be using this device, you can go back to the Google screen and tap Parental 
controls to set up Google Family Link. \t lets you control content, apps, and screen time. 


System 
In the top left, tap the back arrow until you are back to the Settings screen. Then, tap System. 
If you previously enabled Autofill service from Google (to automatically fill in personal info, 
addresses, and passwords) and now want to disable it, tap Languages & input, then Advanced, 
then Autofill service, then Autofill service. Then, select None. 
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Go back to the System screen, and then tap Backup. Toggle on Back up to Google Drive unless 
you will be using a different backup service. If you are running Android 9 (“Pie”) or later, Google 
cannot see your backup data. 

If your backups are uploaded in Google, they are encrypted using your Google Account 
password. For some data, your phone’s screen lock PIN, pattern, or password is also used for 
encryption. 


This decryption key is encrypted using the user’s lock screen PIN/pattern/passcode, which is not 
known by Google. ... By design, this means that no one (including Google) can access a user’s 
backed-up application data without specifically knowing their passcode. 


Backup 


Back up to Google Drive 


e. Learn more 


9.5.3 


Updating Apps 
Because app updates often fix security vulnerabilities, you should install them as soon as they 
are available. 
Open the Google Play app, then tap the menu (hamburger icon, 3 horizontal lines in the top 
left), then tap Settings, then Notifications. Toggle on Updates. 
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e Tap the back arrow in the top right to go back to Settings, and then tap Auto-update apps. Set it 
to Over Wi-Fi only. If you rarely connect to Wi-Fi, set it to Over any network. 
e Whenever your device shows that updates are waiting to be installed, install them. 


Auto-update apps 


Over any network 
O Dat d 


a charges may apply 


@ Over Wi-Fi only 


©) Don't auto-update apps 


9.6 Mobile BROWSING 

Online privacy is a major concern in the tech world, and by far some of the biggest privacy issues arise 
when you browse the internet, even if you use a mobile browser.®’ Having a solid understanding of 
these privacy settings is critical to reduce your Digital Exhaust, as a user will be exposed to many 
techniques to track them around the web due to cookies, your IP address, and other device-specific 
identifiers.® 


Platform Technology Privacy Advice 


Chrome https://defendingdigital.com/google-chrome-security-privacy-guide 
Browser | Firefox https://restoreprivacy.com/firefox-privac 
Safari https://defendingdigital.com/apple-safari-security-privacy-guide 
Brave https://support.brave.com/hc/en-us/articles/360017989132-How- 
do-l-change-my-Privacy-Settings- 
Edge https://privacyinternational.org/guide-step/4333/edge-adjusting- 
settings-enhance-your-online-privacy 
Opera https://help.opera.com/en/latest/security-and-privac 
Google https://www.cnet.com/google-amp/news/do-you-care-about- 
online-privacy-then-change-these-browser-settings-immediately/ 
DuckDuck Go https://spreadprivacy.com/how-anonymous-is-duckduckgo 
Search 5 : ; 
Engine Google https://www.pcworld.com/article/3299042/privacy/google-privacy- 


checkup-fag.html 
https://www.pcworld.com/article/3315701/mobile/how-to-delete- 


google-search-history.html 
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9.7 MOobsile TWO-FACTOR AUTHENTICATION 
e If you do not have two-factor authentication (2FA) enabled yet on your iPhone, consider doing 
so. This adds another layer of security to your logins by requiring more than just your 
password.°? 
e These codes often arrive via text or email, though you can get 2FA codes through an app 
instead. Here is how to enable that feature: 


9.7.1 iPhone Two-Factor Authentication 
Here is how to enable that feature on an iPhone: 


e Goto Settings > [your name] > Password & Security and tap Turn on Two-Factor 
Authentication. 

e Tap Continue, and then enter the phone number where you want to receive the verification 
codes. 

e Tap Next and enter the code. 


9.7.2. Android Two-Factor Authentication 
Here is how to enable that feature on an Android: 


e Open your Google Account and select Security. 

e Select 2-Step Verification (under Signing into Google) and then Get started. 

e Now pick a method for verification: Google prompts, security keys, Google Authenticator or 
similar apps, or a verification code sent to your phone via text or call. 


9.8 GEOLOCATION DATA 
Information about where devices are found can serve as a proxy for where individuals are found over 
time®°, which can be very revealing of an individual’s behavior’, interests®, or beliefs”. 


e Mobile devices, from smart phones to tablets to fitness trackers, have become intertwined in 
many people’s lives over the last decade, supplying many benefits and becoming almost 
indispensable.** 

e However, the benefits and convenience can come at a cost.” 

e Mobile devices store and share valuable location data by design. 

e This data can reveal details about the number of users in a location, user and supply 
movements, daily routines and can expose otherwise unknown associations between users and 


locations.” 


The following graphics give you an overview of how location data is generated, who has access to it, and 
how is it used. 
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THE WORLD OF GEOLOCATION DATA >| sana 


Information about where devices are located can serve as a proxy for where individuals are located over time, which can be very 
revealing of individual behavior, interests, or beliefs. How is location data generated, who has access to it, and how is it used? 


HOW A DEVICE LOCATES ITSELF HOW LOCATION DATA IS COLLECTED 


Mobile devices contain hardware sensors that allow them Collecting location data from a device usually requires 2 coordinated 
to detect a wide variety of signats. interaction between the user the operating system (05), and the 
physical hardware. Here is how those layers interact: 


The device hardware 2 The OS analyzes the signals and 
provides the technical permission 
layer for Apps to request access to Caries 
a precise location measurement. Cell phone carriers generally know where devices are 
located because they direct calls and content to phones 
through local cell towers. This information ts collectively 
known as cell site location information (CSU}. 


POTENTIAL SAFEGUARDS 


Different entities are subject to different 
restrictions. Broadly appbcable privacy 
and consumer protection Laws may also 
apply. Here are some examples: 


ENTITIES THAT ACCESS, USE, OR SHARE 
LOCATION DATA 


Different entities provide services that require or use location data 


Satellites (GPS) ou for a wide range of purposes. Here are some examples: 
> os detects signals from 
sutroundings 


Operating System (0S) 

Providers of mobile operating systems may know 
where devices are located as a result of providing 
services or enabling tocation features. 


éom e # 


3 The App requests 
permission from the 
user via the OS. 


4 The OS provides a precise 
location measuremem and 
timestamp to the app. 


Data Brokers, Aggregators, and Other Third Parties 
Location data may be licensed, sold, or otherwise 
disclosed to a vanety of downstream entities that do 
not have a direct relationship with the user, for example: 


60% chance 
of raint 


NS 


advertising networks, hedge funds, consumer data 
re-sellers, traffic and transportation analytics firms, 
or government buyers. 


Location Analytics Providers 

Many airports, stadiums, and stores analyze signal dats 

emitted by connected devices (mobile phones, fitness 

trackers, etc } to better understand their busiest hours 
Mf) inrstore foor-tatic 


Apps and App Partners 
Many apps provide location-based features, such as 
weather alerts. In addition, many share location data with 

™ partners, for example to detect fraud, provide anatytics, 
oF to target ads. Most apps use Software Development 
Kits (SDKs), or code developed by third parties, to enable 
features and allow partners direct access to data. 

ee 
yo) 


‘it 


po 


DETERMINING RISK IN 
LOCATION DATASETS 


factors to consider when evaluating 
privacy risks: 


Precision and Accuracy 


Location data can be accurate 


{reveating of a device's “true location") 
of inaccurate. as well as precise (such 
8s a street corner], or imprecise (such 


‘as a city or country). 


Persistence and 

Prolonged tocation tracking is more 
revealing of individual behavior. A persistent 
identifier (such 25 an IME! number or an 
advertising 1D) usually creates more risk 
than a random, rotating identifier. 


Sensitive Locations 

Known tocations (such 25 2 persons home 
‘or workplace), or sensitive locations (such 
as schools or clinics) can increase risk of 
re-iderification or reveal intimate 
information. 


Many techniques can be applied to reduce the 
risk of identifying individuals within a focation 
dataset, including aggregating the daca. or 
applying computational methods such as 
difterentiat privacy. tisk can also be reduced 


through administrative access controls. 


9.9 Stop CONTACTS FROM SYNCING TO MOBILE Apps 


9.9.1 iPhone Settings 
e Go to Settings, Screen Time, and then Content & Privacy Restrictions (as shown in the graphic). 


47 | Page 


<Back Content & Privacy Restrictions 


Content & Privacy Restrictions T @ 


iTunes & App Store Purchases 
Allowed Apps 


Content Restrictions 


PRIVACY 


Location Services 


Contacts 


e Then, Enable Content & Privacy Restrictions. 
e Scroll down the Privacy section and tap on Contacts. Tap Do not Allow Changes to lock the 
settings your iPhone's contacts are now locked down from Apps. 


€ Back Contacts 


Allow Changes 


Don’t Allow Changes v 


Disallowing changes locks the settings shown below and 
prevents new apps from using your contacts. 


9.9.2 Android Settings 
Steps may vary depending on which Android Mobile Phone you use, but generally: 


Open the Settings app. 

Tap the Apps & notifications choice. 

Tap the app you want to examine. 

Tap Permissions to see everything the app can access. 

To turn off permission, tap on it. You might need to tap a confirmation box here as well. 


WwW PwnbP 
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9.10 BLOCKING UNWANTED CALLS 


9.10.1 Your Personal Telephone Number 
Your personal telephone number is one of your biggest digital exhaust personal vulnerabilities.*° °You 
can decrease this vulnerability by setting up extra security for the phone. 1° 


e If you switch your phone number, often, recycled numbers allow new customers access to old 
customer information, opening opportunities for a variety of potentially exploitative 
encounters.*™ 

e Create a security code and/or obfuscate the true number by creating a separate forwarding 
number. Read about this at the URL https://techcrunch.com/2018/12/25/cybersecurity-101- 


quide-protect-phone-number/ 


9.10.2 iPhone: How to Block a Number 
There are multiple methods of how to block a number on iPhone devices. Before following the steps 
below, make sure your iPhone is updated. 


9.10.2.1 Via Your Call History 
e Goto your Phone icon/app. 
e Click on the blue ? symbol next to the restricted call. 
e Choose Block this caller to block the specific restricted call. 


9.10.2.2 Use Do Not Disturb 
e Go to Settings > Do Not Disturb. 
e Scroll down to Allow Call From and click on that. 
e Choose who you want to accept calls from, such as your Favorites or All Contacts. 
e Onthe Do Not Disturb page, make sure your other settings are set the way you want them. 
e Turn onthe Do Not Disturb button at the top of the page. 


9.10.3 Android: How to Block a Number 
e Goto your Phone icon. 
e Click on the restricted call and then the ? symbol (may also say Details). 
e Choose Block Number at the bottom of your screen.?™ 


9.10.3.1 Set up a Personal Telephone Number Code 


Carrier Instruction 
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AT&T https://www.att.com/esupport/article.html#!/wireless/KM1051397 ?gsi=Ks1FJro 

Sprint https://www.sprint.com/en/support/solutions/account-and-billing/learn-more-about- 
your-account-pin.html 

T-Mobile https://support.t-mobile.com/docs/DOC-37477 

Verizon https://www.verizonwireless.com/support/account-pin-fags 


9.10.3.2 Set up a Separate Forwarding Telephone Number 


Platform Technology Privacy Advice 


Google Voice https://itunes.apple.com/us/a oogle-voice/id318698524?mt=8 
Apple My Sudo https://mysudo.com 
Others https://www.makeuseof.com/tag/5-apps-getting-temporary-burner- 
phone-number/ 
Google Voice https://play.google.com/store/apps/details?id=com.google.android.a 
Android pps.googlevoice&hl=en US 
Others https://www.makeuseof.com/tag/5-apps-getting-temporary-burner- 
phone-number/ 


9.11 SECURING YOUR PERSONAL EMAIL ADDRESS 


Create unique disposable email addresses for different online accounts. It is also highly recommended 
that you create a separate email address when opting out of your Digital Exhaust. 


e This can be read about at the URL https://www.digitaltrends.com/computing/best-sites-for- 
creating-a-disposable-email-address/ and URL https://mashtips.com/disposable-email- 
services/. 
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10 WI-FI, BLUETOOTH AND NEAR FIELD COMMUNICATION 


Threat actors can compromise devices over public Wi-Fi, Bluetooth, and Near-Field Communications 
(NFC), a short-range wireless technology.*% This puts personal and organizational data, credentials, and 
devices at risk. 


e Devices include laptops, tablets, mobile, wearable, and others that can connect to public 
wireless technologies. 

e The guidance throughout helps users understand the risks in using public wireless technologies 
and enable them to make calculated decisions about the level of risk they accept. 

e Ataminimum, it is recommended users disable Wi-Fi, Bluetooth, and NFC when not in use.?™ 


10.1 WI-FI 
There are two kinds of Wi-Fi networks: secured and unsecured.*°> Most Wi-Fi networks that are created 
for home and business uses are password-protected and encrypted.?° 


e However, most public Wi-Fi hotspots are set up strictly for convenience — not security.?”” 

e Anunsecured Wi-Fi network can be connected to within range and without any type of security 
feature like a password or login.?8 

e Incontrast, a secured network requires a user to agree to legal terms, register an account, or 
type in a password before connecting to the network.?” 


10.1.1 Public Wi-Fi Recommendations 


It is recommended that you DO NOT: 
e =Allow your Wi-Fi to auto-connect to networks. 


e Log into any account via an app that has sensitive information. Go to the website instead and 
verify it uses HTTPS before logging in. 

e Leave your Wi-Fi or Bluetooth on if you are not using them. 

e Access websites that hold your sensitive information, such as such as financial or healthcare 
accounts.*"° 

e Log onto a network that is not password protected. 


It is recommended that you DO 
e Disable file sharing 


e Only visit sites using HTTPS. 

e Log out of accounts when done using them. 

e Use aVPN, like Norton Secure VPN, to make sure your public Wi-Fi connections are made 
private. 
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Classic Bluetooth Bluetooth Low Energy (BLE) 
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Wireless devices streaming Sensor devices sending 
rich content like data, video, small bits of data, using very 
and audio little energy 

(device pairing required) (device pairing not required) 


10.2 BLUETOOTH 


In the simplest terms, Bluetooth is the technology that enables exchange of data between devices 
within a short amount of distance. 


What separates Bluetooth radio waves from the broadcast sent out by a radio station is the fact 
that Bluetooth waves do not travel extremely far and are constantly switching frequencies. 
Most Bluetooth devices have a maximum connectivity range of about 30 feet, and that distance 
is reduced when obstacles are present.*"* 

Bluetooth Low Energy (BLE)—also known as Bluetooth Smart—is the latest version of Bluetooth 
technology that offers significantly less power consumption and costs compared to Classic 
Bluetooth while still supporting a similar communication range.1 

Bluetooth and Wi-Fi are often complementary, working at the same time and offering much the 
same connectivity, you may not always know which hardware is pairing with which devices. 
Just know that if in range, devices previously paired via Bluetooth will try to automatically 
connect."33 


10.2.1 Bluetooth as an Attack Vector 
There have been many noteworthy Bluetooth vulnerability discoveries in recent years and the 
sophistication of the attacks will only evolve.** 


Disturbingly, hackers no longer need to be nearby the devices to carry out their exploits.** 


Bluetooth was designed for short-range communications, but because they have radios, cyber 
thieves can exploit a system remotely and then use that system’s Bluetooth interface to launch 
an attack. 

In this role, it is possible for an attacker to not only run these attacks remotely while in 
proximity, but also conduct them from much further away using low-cost equipment. 


52 | Page 


10.2.2 Notable Bluetooth Vulnerabilities 
Because of an attackers’ ability to implement remote attacks via radio, the increasing threat from 
Bluetooth devices to network security is a top concern for security teams. Here are the top eight recent 
Bluetooth vulnerability discoveries?”® that organizations have had to address: 


10.2.2.1 BIAS (Bluetooth Impersonation AttackS) 
Earlier this year, a new Bluetooth flaw dubbed BIAS was discovered with the potential to expose billions 
of devices to hackers. BIAS allows cyber-criminals to create an authenticated Bluetooth connection 
between two paired devices without needing a key.2”” 


e The attacker can take over communication between the two devices by impersonating either 
end such as a mouse or a keyboard, giving the intruder inside access to the targeted device.178 

e Once inside, the masquerading attacker can then implement malicious exploits such as stealing 
or corrupting data.1!” 


10.2.2.2 BleedingBit 
The attacker can use Bluetooth Low Energy (BLE) implementation vulnerabilities for remote code 
execution”? and total machine take over to infiltrate networks??. 


10.2.2.3  BlueBorne 
An attacker can actuate carefully constructed packets to cause buffer overflows?”*, which can be 
exploited for code execution?”?. 


e The attackers can then take over a machine running Bluetooth Classic and use it as a potential 
entry point for malicious activity.’ 


10.2.2.4 Bluetooth Denial of Service (DoS) Via Inquiry Flood 
This DoS attack targets BLE devices, running down their batteries and preventing them from answering 
other requests from legitimate devices.’”° 


e This is particularly concerning for medical devices being used in life-saving situations.’”° 


10.2.2.5 Fixed Coordinate Invalid Curve Attack 
Hackers can crack the encryption key for both Bluetooth and BLE because of subtle flaws in the Elliptic 
Curve Diffie- Hellman key exchange process.??” 


e Attackers can imitate devices, inject commands, and penetrate for added security flaws.?7° 


10.2.2.6 KNOB (Key Negotiation of Bluetooth) 
An attacker can crack encryption on a Bluetooth conversation and then snoop to see all encrypted traffic 
as if it was plaintext.?2° 


e The attacker can erase or inject packets, and ransom or publish the captured details.1°° 


10.2.2.7 Malicious Applications Leveraging Radio Frequency Interfaces 
Leveraging a downloaded app, a cybercriminal can access an iPhone’s camera and microphone without 
permission. 
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e The attacker can then record and exfiltrate audio and video, and then ransom or publish the 
compromised information.**? 


10.2.2.8 Sweyntooth 
An attacker within radio range can trigger deadlocks, crashes, and buffer overflows or completely detour 
security by sending faulty packets over the air.1° 


e If successful, this could result in the crash of devices such as medical equipment, potentially 
causing harm to patients, or other loT connected devices in offices or homes.*?? 


10.2.3 Bluetooth Beacons 
If you own a business or are involved in marketing, you have some level of understanding about how 
beacon technology works** and you may have even received a Google beacon as part of Project 
Beacon’, a program Google launched?** to send free beacons to businesses with the aim of enabling 
proximity-based triggers and actions in both the digital and physical world. This Digital Exhaust is based 
on location-tracking data, gleaned from mobile phone users who have their Bluetooth enabled by 
default or by accident, as many people do.*°” 


e With the emergence of COVID-19 in 2020, the issue of just how valuable and detailed our 
collective Digital Exhaust is has been proven by both Google*® and Facebook**? who began 
sharing location-tracking information with various authorities around the world to help them 
plan their COVID-19 containment strategies. 

e The data supplied is "anonymized" and "aggregated", so there are no personally identifying 
markers. Nevertheless, the data does track people's movements - for example, Google's 
Mobility Reports°, which it is made available for 131 countries and regions show foot traffic 
trends at various locations over time. 


10.2.4 Securing Bluetooth 
As a wireless data transfer standard, Bluetooth has some associated cybersecurity risks. You do not want 
unauthorized parties to access the data you are transferring via Bluetooth, nor do you want them to 
have access to your Bluetooth-enabled devices. 


e = |t helps to know what the security risks with Bluetooth are so you can enjoy all the convenience 
of the widespread wireless technology while mitigating its risks. 


10.2.4.1 Physically Secure Your Device 
You may want to set up a “find my device” service on your phone through a trustworthy entity like 
Apple or Google so you have a way of using their technologies to find and remotely lock your device if 
you lose it. 


10.2.4.2 Avoid Using Bluetooth to Communicate Sensitive Information 
If you choose to use Bluetooth to transfer sensitive information from your device to another device, 
consider encrypting your files first. 
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10.2.4.3 Turning Off Bluetooth Discoverable Mode 


Ensure you turn off Bluetooth discoverable modes after pairing a new peripheral with your 
device. 

Once paired, you do not need to have discoverable mode on because your device will already 
know the peripheral’s unique identifying code. 

This will also secure your device from any unwanted pairing attempts. 


10.3 NEAR FIELD COMMUNICATION NFC Bluetooth 


Bluetooth and Wi-Fi while like near field 
communication on the surface, do have 
distinct differences. 


Communication Communication 
Range: Range: 


All three allow wireless 
communication and data 
exchange between digital 
devices like smartphones. 

Yet near field, communication 


uses electromagnetic radio fields while technologies such as Bluetooth and Wi-Fi focus on radio 
d.141 


Buzzle.com 


Re ys 3] 


transmissions instea 


Near field communication, or NFC for short, is an offshoot of radio-frequency identification (RFID) with 
the exception that NFC is designed for use by devices within close proximity to each other. 


Devices using NFC may be active or passive. A passive device, such as an NFC tag, holds 
information that other devices can read but does not read any information itself. Think of a 
passive device as a sign on a wall. Others can read the information, but the sign itself does 
nothing except send the info to authorized devices.1“ 

Active devices can read information and send it. An active NFC device, like a smartphone, would 
not only be able to collect information from NFC tags, but it would also be able to exchange 
information with other compatible phones or devices and could even alter the information on 


the NFC tag if authorized to make such changes. 


To ensure security, NFC often sets up a secure channel and uses encryption when sending sensitive 
information such as credit card numbers. 


Users can further protect their personal data by keeping anti-virus software on their 
smartphones and adding a password to the phone so a thief cannot use it if the smartphone is 
lost or stolen.1 

Unaccustomed users of near field communication, especially for payment purposes such as 
storing credit card information, may be concerned about the security and safety of their 


confidential information. 
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10.3.1 NFC Vulnerabilities 
Security attacks include eavesdropping, data corruption or modification, interception attacks, and 
physical thefts. Below we cover the risks and how NFC technology works to prevent such vulnerabilities: 


10.3.1.1 Eavesdropping 
Eavesdropping is when a criminal “listens in” on an NFC transaction. The criminal does not need to pick 
up every single signal to gather confidential information. Two methods can prevent eavesdropping. 


e First, there is the range of NFC itself. 

e Since the devices must be close to send signals, the criminal has a limited range to work in for 
intercepting signals. Then there are secure channels. 

e When a secure channel is set up, the information is encrypted and only an authorized device can 
decode it. 

e NFC users should ensure the companies they do business with use secure channels. 


10.3.1.2 Data Corruption and Manipulation 
Data corruption and manipulation occur when a criminal manipulates the data being sent to a reader or 
interferes with the data being sent so it is corrupted and useless when it arrives. 


e To prevent this, secure channels should be used for communication. 
e Some NFC devices “listen” for data corruption attacks and prevent them before they have a 
chance to get up and running. 


10.3.1.3 Interception Attacks 
Like data manipulation, interception attacks take this type of digital crime one-step further. A person 
acts as a middleman between two NFC devices, receives, and alters the information as it passes 
between them. This type of attack is difficult and less common. 


e To prevent it, devices should be in an active-passive pairing. 
e This means one device receives info and the other sends it instead of both devices receiving and 
passing information. 


10.3.1.4 Theft 
No amount of encryption can protect a consumer from a stolen phone. If a smartphone is stolen, the 
thief could theoretically wave the phone over a card reader at a store to make a purchase. 


e To avoid this, smartphone owners should be diligent about keeping tight security on their 
phones. 

e By installing a password or other type of lock that appears when the smartphone screen is 
turned on, a thief may not be able to figure out the password and thus cannot access sensitive 
information on the phone. 

e Through data encryption and secure channels, NFC technology can help consumers make 
purchases quickly while keeping their information safe at the safe time. 
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11 DEBIT AND CREDIT CARD TRACKING 


Although it is illegal for financial institutions to sell your information, sharing your information is often 
important for their business operations and your information to be shared internally and with affiliates 
and non-affiliates. 


e Affiliates are companies related by control or ownership, and non-affiliates are outside 
companies. The companies can be financial or non-financial in nature. Companies share your 
information with both parties to market to you. 

e Some companies often claim a user's privacy would not be violated as all personal data has been 
de-identified and pseudonymized, (i.e., your personal information) like name and credit card 
number have been replaced by pseudonyms. 


e If you would like to know more about privacy choices for your personal financial information, 
read the article by the Federal Trade Commission URL 
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12 SOCIAL MEDIA PLATFORMS 


The role of social media in our lives continues to grow each year and so too does the amount of personal 


information which can be found through our online personas. 


144 145 


While who and what we share through social media is a personal choice™®, it is recommended 
that you be intentional about who you share your data with?””, to include which sites and 
platforms that you trust and consider worth the risk.1” 

The role of the section below is to inform you of several privacy settings to aid you in securing 
your social network accounts so that you only share information with people you choose and 
not those you do not. 

Online social media services are teeming with private and public personal information.‘ °° 
Control yours via the below links to privacy settings. 

Further, ensure your account usernames and/or account unique IDs do not correlate with your 
personal data, and do not respond to messages or accept connection requests from parties you 
do not know or cannot confirm to be legitimate. 


12.1.1 Social Media Privacy Settings Links 


Service Privacy Settings 


Facebook https://www.facebook.com/about/basics 


Instagram _https://help.instagram.com/196883487377501 


Line 


https://help.line.me/line/?contentlId=20002865 


LinkedIn 


settings?lang=en 


Pinterest https://help.pinterest.com/en/article/edit-account-privac 


Skype 


skype-for-windows-desktop 


SnapChat https://support.snapchat.com/en-US/a/privacy-settings2 


Tumblr https://tumblr.zendesk.com/hc/en-us/articles/115011611747-Privacy-options 
Twitter 7 
public 
Viber https://support.viber.com/customer/en/portal/topics/592905-security-and- 
privacy/articles 
https://help.wechat.com/cgi- 
WeChat bin/newreadtemplate?t=help center/topic list&plat=2&lang=en&Channel=helpcenter 


&detail=1003386 


WhatsApp _shttps://fag.whatsapp.com/en/android/23225461/?category=5245250 


YouTube 


https://support.google.com/youtube/answer/157177?co=GENIE.Platform%3DDeskto 
&hl=en 


12.2 FACEBOOK 
Facebook is a social networking website where users can post comments, share photographs, and post 
links to news or other interesting content on the web, chat live, and watch short-form video. Shared 
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content can be made publicly accessible, or it can be shared only among a select group of friends or 
family, or with a single person.*°? 


Facebook’s business model relies upon selling targeted advertising to you based on the personal 
information you share with it via its online social media services.*** **The following techniques can help 
mitigate any personal risk you assume by using these services. 


12.2.1 Standalone Email Addresses/Phone Numbers 
Use a standalone email address that is not linked to any other account beyond Facebook. It is also 
recommended that you use a separate mobile number as well if possible. 


12.2.2 Mobile Phone/Web Browser Settings 
It is recommended that you ensure that your mobile phone and web browser privacy settings are 
properly configured. 


e To ensure this, please go through and apply guidance on these topics elsewhere in this 
document. To do so please see Sections 3.7.1 and 3.7.2. 


12.3 FACEBOOK ACCOUNT SETTINGS 


12.3.1 Password Protection 
Create a Facebook password different from the passwords you use to log into other accounts. For added 
tips, visit fb.me/Passwords. You can also test any sample password you choose at the URL 
https://howsecureismypassword.net, 


12.3.2 Login Notifications 
Facebook will send you a notification if someone tries logging into your account from a new device or 
browser. 


e Tolearn more, visit fb.me/LoginNotifications 


12.3.3 Login Approvals 
Facebook will prompt you enter a special security code (two-factor authentication) each time you try to 
access your Facebook account from a new computer, phone, or browser. 


e To learn how to turn on Login Approvals, visit fb. me/LoginApprovals. 


12.3.4 Trusted Contacts 
Trusted contacts are friends you can reach out to if you ever need help getting into your Facebook 
account. 


e Once set up, if you are unable to access your account, your trusted contacts can access special, 
one-time security codes from Facebook via a URL. 

e You can then call your friends to get the security codes and use those codes to access your 
account. 

e To set up your trusted contacts, visit fb.me/TrustedContacts. 
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12.3.5 Login Location and Device Check 
The Where You are Logged In section of your Security Settings shows you a list of browsers and devices 
that have been used to log in to your account recently.*4 


e You will also see the choice to End Activity and log yourself out on that computer, phone, or 
tablet. 
e To review your active sessions and log out from unused browsers and apps, visit 


fb.me/ActiveSessions. 


12.3.6 Customize Notifications 
You can adjust what Facebook activity you are notified about and how you are notified. 


e For more details, visit fo.me/Notifications. 


@° General Account Settings 
®@ Security 

=) Notifications 
ae Applications 
fal Mobile Username 


Name 


3) Payments 
a Facebook Ads 


Email 


Password 


Networks 


Linked Accounts 


Language English (US) 


Download a copy of you 


ok © 2011 - English (US) About * Advertising * Create a Page - Developers « Careers « Privacy * Terms * Help 


Figure 3. Facebook Account Settings. 


12.4 FACEBOOK SECURITY CHECKUP 
Use Facebook's Security Checkup to review and add more security to your account. 


e To start your own Facebook Security Checkup, visit fb.me/securitycheckup. 
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Stay Secure on Facebook 
Michelle, we’re always working to protect your account. 
Let's look at 3 ways you can increase your security. 


Not Now Get Started 


Update Status [| Add Photos/Video [=] Create Photo Album 


Figure 4. Facebook Security Checkup 


12.5 FACEBOOK PRIVACY SETTINGS 


12.5.1 Select Your Audience 
Whenever you update your status, share photos, or post any information on Facebook, you can select 
who sees what you share through the audience selector tool.*> 


This tool allows you to decide who sees what you share. 

The Custom option can be used to be as specific as you want for who can and cannot see 
something.’°° 

Facebook's help page will remind you when you post to another person’s Timeline, that person 
controls what audience can view the post. Additionally, anyone who is tagged in a post may 
see it, along with his or her friends. 

To learn more about selecting audiences, visit fb.me/AudienceSelector. 


12.5.2 Review and Approval 
There are two options within the Timeline and Tagging Settings for reviewing content that is tagged.?°” 


The first choice allows you to approve or dismiss posts that you are tagged in before they 
appear on your Timeline. 

This automatically applies to posts where you are tagged by someone you are not friends with, 
but you can choose to review all tags by turning on the timeline review. 

The second choice allows you to approve or dismiss tags people add to your posts. 

When you turn this on, a tag someone adds to your post will not appear until you approve it. 
To learn how to enable tag reviews, visit fb.me/TagReview. 
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12.5.3 Search Engine Visibility 
e If you do not want search engines to link to your profile, you can adjust your Privacy Settings.+° 
e However, some information from your profile can still appear in search engine results because it 
is information you shared to a Public audience or posts and comments you shared on Pages, 
Public groups, or the Community Forum section of the Help Center. 


e To learn more, visit fb.me/SearchEngines. 


12.5.4 Location Settings 
Your location can be shared in many ways: with apps, by checking-in, via private messages, or by 


someone else tagging you.*°? 


e It is important to consider when you share your location and with whom and to take measures 


to protect your location when possible. 
e To learn more about location privacy on Facebook, visit fb.me/LocationPrivacy. 


12.5.5 View As Feature 
You can see what your profile looks like to other people by using the View As tool. 


e To learn more, visit fb.me/ViewAs. 
Facebook Privacy Settings 


Do you know who you're sharing with on Facebook? 


Learn more about the different sharing options below. 


Public 


This is the least secure privacy 
setting. It shares information 
with everyone on Facebook. 

\ 


\ 


Friends 


\ 

This isthe mostcommon \ 

option, sharing with everyone \ 
\. you've added as a friend. 


Lists \ 


You can share with lists of 
—— friends to help keep sensitive 
“\..__ information from some people. 


Only me oN ee 
E i \ =_ =- 
Anything shared with \ 
this option will only | 2 
be visible to you. 


Figure 5. Facebook Privacy Settings 
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12.5.6 Disabling Advertising Features in Facebook 
Go to your Account Settings and enter the section for Ad Preferences. 


Ads 


Review how we use data to make the ads you see more 
relevant. 


Ad Preferences 


Control how data influences the ads you see, and learn 
more about how our ads work. 


® Your information 


© Hide ad topics 


@ How Facebook ads work 


12.5.6.1 Advertisers 
Your Facebook account will have the same sub sections as highlighted below. They will educate you how 
Facebook already used your information for its advertising purposes.**? 
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Advertisers 


Advertisers whose ads you clicked 


WY) 


Blenders Eyewear 


Advertisers who uploaded a list with your info and 
advertised to it 


UNITED 


OKC United, Bath & Body Works, The Autism Cafe and 10 
others 


Advertisers who you've visited 


12.5.6.2 Your Information 
Everything in this section is available to how Facebook serves advertising to you and your management 
of it does not affect how Facebook profile looks. 


e Pay close addition to the Review and Manage Your Categories section; you may have Wi-Fi and 
Phone settings in it, which you can opt out of as well. 
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< Your Information 


Some of the ads you see are because advertisers are trying to 
reach people based on information they've provided on their 
profiles. 


Manage whether we can show you ads intended to reach people 
based on these profile fields. 


Relationship status 
Married 


Employer 


Job title 


Education 


w we determine whether to show 
certain ads to you. They don't change which information is 
visible on your profile or who can see 
We may still add you to cat 


Your categories below) 


ection help advertiser 


ested in their products, 


12.5.6.3 Ad Settings 


Disable all Ad Settings under the sections entitled Ads based on data from partners, Ads based on your 
activity on Facebook Company Products that you see elsewhere and Ads that include your social 


actions. 
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< Ads Settings 


We use data to show better ads. You can use these 
settings to choose whether you want certain types of your 
data to influence the ads we show. Changing these 
settings won't affect the number of ads you see. 


Ads based on data from partners 


To decide which ads we show you, we use data that 
advertisers, app developers and publishers provide us about 
your activity off Facebook Company Products. This includes 
your use of partners’ websites and apps and certain offline 
interactions with them, like purchases. 


Not Allowed 


Ads based on your activity on Facebook 
Company Products that you see elsewhere 


When we show you ads off Facebook Company Products, 
such as on the websites, apps and devices that use our 
advertising services, we use data about your activity on 
Facebook Company Products to make them more relevant. 


Not Allowed 


Ads that include your social actions 


We may include your social actions on ads, such as liking the 
Page that's running the ad. Who can see this info? 
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12.5.7 Facebook Facial Recognition and Active Status 

e Facebook describes facial recognition as “Our technology analyzes the pixels in photos and 
videos, such as your profile picture and photos and videos that you have been tagged in, to 
calculate a unique number, which we call a template. We compare other photos and videos on 
Facebook to this template and if we find a match, we will recognize you. If you are untagged 
from a photo, or video, information from those untagged photos and videos is no longer used in 
the template. If your face recognition setting is set to off, we delete the template." in their help 
center post at URL https://www.facebook.com/help/122175507864081 

e Disabling active status allows you to run on the service private from other users and Facebook 
friends. 
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Privacy 


Control who sees what you do on Facebook, and how data 
helps us personalize experiences. 


Privacy Settings 
Control who can see your posts and content, as well as 
who can search for you. 


Face Recognition 
Choose whether we recognize you in photos and videos. 


Timeline and Tagging 


Decide who can interact with you and your posts on 
Facebook. 


Public Posts 


Manage who can follow you, and who can comment on 
your public posts. 


Blocking 


Review people you've previously blocked. 


Location 
Manage your location settings. 


Active Status 
Show when you're active. 


12.6 MANAGING YOUR FACEBOOK COMMUNITY 


12.6.1.1 Friend Requests 
Facebook is where so many of us connect with people we know personally, like friends, family, 
classmates, and coworkers. Facebook is based on authentic identities, where people are who they are in 
the real world. 
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12.6.1.2 Do Not Use Your Full Name on Facebook 
This is one of the fastest ways to get into someone's life so you might as well make it harder for 
someone to find you if they get a hold of your personal information or use Facebook to gauge your life 
even in new social circles. 


e Unfortunately, as Facebook notes, some individuals use tactics such as impersonating a friend to 
gain access to personal information. 

e If you receive a friend request from someone you are already friends with, ask if they sent the 
new request before accepting it. 

e = If they did not create it, report the impersonating profile to Facebook. 

e If you want to meet new people through Facebook, try connecting with Pages and groups that 
interest you. 

e You can also choose to limit who can see your friend list if you are worried about your friends 
and family being contacted by someone. 

e To learn more about adding friends and friend requests, visit fo. me/FriendRequests. 


12.6.1.3 Unfriending 
To unfriend someone, go to that person’s profile, hover over the Friends button at the top of their 
profile and select Unfriend. 


e If you choose to unfriend someone, Facebook will not notify the person, but you will be 
removed from that person’s friends list. 

e If you want to be friends with this person again, you will need to send a new friend request. 

e To learn more about removing friends, visit fb.me/Unfriending. 


12.6.1.4 Blocking 
e Blocking a person automatically unfriends them and blocks them so they can no longer see 
things you post on your profile, tag you, invite you to event or groups, start a conversation with 
you, or add you as a friend.*© 
e Blocking is reciprocal, so you also will not be able to do things like start a conversation with 
them or add them as a friend. 
e When you block someone, Facebook does not let them know you have blocked them. To learn 


more, visit fb. me/Blocking. 


12.6.1.5 Reporting 
Any type of content can be reported to Facebook. Facebook’s Community Standards explain what type 
of content and sharing is allowed on Facebook. 


e When something is reported to Facebook, a global team reviews it and removes anything that 
violates these terms. 
e To learn how to report and what happens when you click report, click here fb.me/Reporting. 
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Figure 6. Facebook Notifications Center 


12.7 FACEBOOK MESSENGER 

Facebook Messenger is a free messaging app and web-based platform that enables Facebook users to 
conduct instant message-based conversations with Facebook friends. Originally developed as Facebook 
Chat in 2008, the company updated the service and rebranded as Facebook Messenger in 2011. 

Users of Facebook Messenger can send messages and exchange photos, stickers, audio, and files, as well 
as react to other users’ messages, interact with bots, and conduct voice or video calls. 

While Messenger was once limited to Facebook users only, it now powers conversations within 
Facebook, Instagram, Portal, and Oculus VR.*© 


12.7.1 Disabling Facebook Messenger from Automatically Syncing Your Contacts 


12.7.1.1 If You Are Installing the App 
Pay close attention to what prompts appear on your Mobile Phone as you install Facebook Messenger. 
After you have installed the App, you will begin setting up your profile based on existing Facebook 
information or whatever information you have provided. 


e You will then see a prompt on your screen with two animated creatures. If you read the 
dialogue carefully (as highlighted in the graphic), you will see the text, which shows 
"Continuously uploading your contacts helps Facebook and Messenger suggest connections 
and provide and improve ads for you and others and offer a better service." 

e Make sure you click on 'Not Now’. 

e = This will prevent Facebook Messenger from uploading your contacts into the Facebook 
ecosystem. 
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Find Your Phone Contacts 
on Messenger 


Continuously uploading your contacts helps 
Facebook and Messenger suggest connections 
and provide and improve ads for you and others, 


and offer a better service 


Learn more 


12.7.1.2 If the App Is Already Installed 
You were unaware that enabling the feature discussed above actually uploaded your contact list from 
your Mobile Phone into the Facebook ecosystem so now you would like to go back, disable the setting, 
and now retroactively remove your contacts from Facebook Messenger. 
e Here is how you disable the setting to stop continuously synchronizing your contacts with 
Facebook Messenger as well as remove them from Facebook’s ecosystem. 


e Launch the Facebook Messenger app from your Mobile Phone or Personal Device and go to the 
home screen. 


e Look for the photo icon at the top left-hand corner of the screen and Tap on it. 
e Now tap on ‘People’ within the 'Preferences' section (as highlighted in the graphic below). 
e Now tap on 'Upload Contacts' and ensure you have the setting adjusted to 'Off'. 
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Payments 


Secret Conversations 


Data and Storage 


Emoji 


Upload Contacts 


Manage Contacts 


iPhone Settings for M 


12.7.1.3 Stopping Facebook Messenger from Automatically Syncing Your Contacts (If the App Is 
Already Installed) 
According to Facebook at URL https://www.facebook.com/help/messenger-app/838237596230667 


when you turn off contact uploading, the contacts you have uploaded to Messenger will automatically 
be removed. 


e You can also go to the Manage Your Uploaded Contacts screen and tap Delete All Contacts > 
Delete All Contacts to delete these contacts. To stop your contacts from being uploaded again, 
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you will need to turn off contact uploading on any devices where you are using the Messenger 
app. 


Done Manage Your Uploaded Contact... I) 
Manage Your Uploaded Contacts and Call and Text History 


These are the contacts and call and text history that you've 
uploaded from Messenger. Information like this helps Facebook and 
Messenger make better suggestions for you and others, and helps 
us provide a better service. 


You may have uploaded info about these contacts beyond just the 
phone numbers below, like nicknames. You can see that data by 
visiting our Help Center. 


To stop continuously uploading your contacts, turn off the Sync 
Contacts setting in the Messenger app. To stop continuously 
uploading your call and text history, turn off the Continuous Call and 
SMS Matching setting. Turning off each setting will delete all of your 
previously uploaded contacts or call and text history from 
Messenger. 


Keep in mind that if you delete the information on this screen, but 
have continuous uploading still turned on for either setting, the info 
will be uploaded again automatically. 


See contacts you've uploaded from Facebook. 


| © Delete All Contacts | 


12.7.2 Additional Facebook Messenger Privacy Settings 


You can control your privacy in Messenger by choosing who can see your active status, choosing your 
Story audience, using secret conversations and more. Here are some ways to control your privacy in 
Messenger. 
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12.7.2.1 Control who can see when you are active 
Active Status shows your friends and contacts when you are active or recently active on Facebook or 
Messenger. 


e = The following link will instruct you on how to control your active status in Messenger. 


12.7.2.2 Control Chat Lists 
If someone who you are not connected with on Facebook sends you a message, you will receive a 
connection request. 
e = The following link will instruct you on how to control who can start a new chat with you in 
Messenger. 


12.7.2.3 Secret Conversations 
Secret conversations in Messenger are end-to-end encrypted and can only be read on one device of the 
person you are communicating with. The following link will instruct you on how to use secret 


conversations in Messenger. 


12.7.2.4 Clear Your Search History 
Facebook Messenger allows users to edit or clear their search history in Messenger. The following link 


will instruct you on how to clear your search history in Messenger. 


12.7.2.5 Remove Sent Messages 
Facebook Messenger allows users to permanently remove a message that you have sent for everyone in 
the chat, or just for yourself. 


e = The following link will instruct you on how to remove a message within Facebook Messenger. 


12.7.2.6 Customize Story View 
You can control who can and cannot see your story. 


e The following link will allow you to choose who can see your story in Messenger. 
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12.8 INSTAGRAM 

Instagram is a free social networking service built around sharing photos and videos. It launched in 
October 2010 on iPhone first and became available on Android in April 2012. Facebook bought the 
service in April 2012 and has owned it since. Like most social media apps, Instagram allows you to follow 
users in which you are interested. This creates a feed on your homepage, showing recent posts from 
everyone you follow. You can like posts, comment on them, and share them with other people.*™ 


12.8.1 Instagram Start Screen 
The graphic of Instagram's start screen can be 
found at the following link. 


12.8.2 Open the Camera — 
When you are on the home tab, you can tap the Instagram 
“camera” icon in the top left-hand corner to start Essen 
adding photos and videos to your Instagram 
profile. 


e NOTE: You will need to allow Instagram 
to access your camera and microphone 
before you can use this feature. 


12.8.2.1 Direct Messages 
The “paper airplane” icon in the top right from 


; ea F 
the home tab will get you access to your direct 28 likes 


myleadsystempro You are not promised tomorrow. 


messages. So make today count 


e Here you can view messages from 
people as well as create direct messages 
to send to your connections. 


12.8.2.2 The Home Tab 
This is the default view when you open the 
Instagram app. It is also, where the media, 
images, and stories from the people you are following will appear. 


e From the home tab, you have access to add photos and/or videos to your feed, access your 
direct messages, search, connect and access your profile settings. 


12.8.2.3 The Search Page 
The magnifying glass will take you to the "Search" page. 


e From here, you can search for accounts, keywords, hash tags, and topics simply by typing in the 
"Search" bar at the top of the screen. 
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12.8.2.4 The Camera Page 
By clicking on this button, you will see your phone's camera popup. From here, you can either choose to 
add a photo or video from your camera roll (already on your camera) or choose to take a new one. 


e NOTE: You will need to allow Instagram to access your camera and microphone before you can 
use this feature. 


12.8.2.5 Account Activity 
The "heart" icon will take you to your account activity page. 


e This is where you can see comments, likes, shares, and follows for your account, as well as the 
people you are following. 


12.8.2.6 Profile and Account Settings 
You can access your own profile and account settings by tapping on the little icon that looks like a 
person. 


e Once on this tab, you can choose to add latest photos and videos, edit your profile and more 
once again. 

e While on this page, tapping the ‘hamburger icon’ in the top right will slide out more options 
where you can view your "saved posts", or access the "discover people" functionality to 
connect with your friends from Facebook, or access Facebook directly. 


12.9 INSTAGRAM'S PRIVACY AND SAFETY CENTER 

If you need added help in understanding the wide-ranging settings Instagram offers you as a user for 
safety and reporting threatening activity, the following Instagram help center link is extremely 
informative. 


12.9.1 Privacy Settings 
The following privacy settings should be enabled to make you safer while you are using the platform as 
well as ways you can reduce your Digital Exhaust. 


12.9.1.1 Private Profile 
This is the most popular privacy setting and one you should enable right away. By default, Instagram 


accounts are public, meaning; anyone on Instagram can view your photos, like and comment on them.?® 


e = =Thankfully, Instagram gives you a choice to make your profile private. When you have a private 
profile, only your followers can see your published photos and stories. 

e = This setting does not change your viewing method, as you can still see other public profiles’ 
photos and stories. 

e To make your profile private, first open the Instagram app and go to the profile screen. Then tap 
on the three-dot icon at the top-right corner to open Settings in case of Android phones. On an 
iPhone, tap on the gear icon. 

e Under "Settings", tap on "Private account" and turn it on. You must also tap on Account privacy 
and enable the setting "Private account". 
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e = It is unknown why Instagram has kept the same setting in two places. Per Instagram, business 
profiles are not able to make their accounts private. 
e If you want to make your business account private, first switch back to a personal account. 


12.9.1.2 Removing Followers 
When you make your Instagram profile private, there will be many people in your Followers list that you 
do not want there. Previously, you had to block such users, but Instagram has changed that setting now. 


e It is not necessary for you to have a private profile to remove followers; you can do this even if 
you have a public profile. According to Instagram, removing specific followers will not let them 
know about being removed. 

e To remove Instagram followers, go to your "Profile" and tap "Followers". You will see the three- 
dot icon next to every follower. 

e Tap on it for the follower you would like to remove and select "Remove" on the pop-up screen. 
If you would like added screenshots, the following link is helpful. 


12.9.1.3 Turning Off Your Activity Status 
In 2018, Instagram launched an Activity status feature. It shows the last time users were active on 
Instagram and with whom they had direct conversation. In addition to your activity, Instagram also 
introduced the online status indicator.’ 


e When a person is online, you will see a green dot next to their username in Direct Messages 
(DM). Per Instagram, here are the steps to turn them off. 

e Goto your profile and tap the three-dot icon or the gear icon. Scroll down and tap on "Activity 
status". On the next screen, disable "Show activity status”. This will turn off activity status and 
green dot both. 


12.9.1.4 Blocking Comments 
Sometimes when people do not like a picture or video that you posted, they resort to trolling you in the 
comments. Instagram gives you the choice to turn off their comments. 


e You can do this for all posts from the general "Settings" and even for an individual post. Per 
Instagram, here is how you what you need to do to stop comments on all your Instagram posts. 

e On your profile, tap on the three-dot icon to go to "Settings". Under "Settings", tap on 
"Comment controls". 

e Then you will get two options: "Allow Comments from" and "Block Comments from". You can 
use the first choice to white filter the comments. Meaning, only the people that you add here 
will be able to comment on your posts. 

e Onthe other hand, when you block people from commenting, everyone else except these users 
will be able to comment. 

e To turn off comments for an individual post, open the post and tap the three-dot icon at the 
top-right corner. 

e Select "Turn off commenting". 
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e You can also enable the setting "Hide offensive comments" as well as the "Manual filter" 
option. 

e If you need to report offensive or abusive behavior, Instagram provides you with instructions on 
how to do so at the following link. 


12.9.1.5 Stopping Direct Messages (DM) 
Everyone on Instagram can message you, whether they follow you or not. However, messages from 
people other than your followers are kept under a separate folder (Requests) in DM. While Instagram 
does not let you stop DMs for normal messages, you can restrict DMs for stories.*©” 


e Instagram offers three settings for message replies in stories: "Everyone", "People you follow", 
and "Off". 

e Here is how to set it. Open Instagram Settings by tapping the three-dot icon (Android) and gear 
icon (iPhone) on the profile screen. 

e Next, tap on "Story controls" and under "Allow message replies", select the preferred option. 


12.9.2 Instagram's Privacy Settings & Information Link 
If you need added help in understanding the wide-ranging settings Instagram offers you as a user, the 
following Instagram help center link is extremely informative.1® 


12.9.3 Disable "Resharing Posts to Stories" 
If you have a public profile, people can reshare your posts on their stories along with your username. 
While some people may not have an issue with it, | certainly do, so here are the steps Instagram 
provides you the to turn this feature off. 


e Open your Instagram Settings, scroll down, tap “Resharing” to stories, and ensure you have 
disabled this setting. 


12.9.4 Hide a Story 
Instagram offers different privacy settings for posts and stories. While you cannot change the privacy of 
individual posts, you can customize the privacy of your stories, which will allow you to hide stories from 
specific followers. 


e Todoso, launch Instagram Settings and tap on "Story Controls". Select the followers from 
whom you want to hide stories under the "Hide story from" option. 

e Acouple important Privacy tips for you on sharing Instagram stories, Private posts you share to 
social networks may be visible to the public depending on your privacy settings for those 
networks. 

e Instagram offers an example at the following link that a post you share to Twitter that was set to 
private on Instagram may be visible to the people who can see your Twitter posts. This is a 
prime example of how your Digital Exhaust can pop up in ways you least expect it. 


12.9.5 Approve Tagged Posts 
Instagram has a separate section for tagged photos and videos. When a person tags you, it will 
automatically be added to your profile. | think many of us have experienced situations where we have 
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been tagged in pictures that are not good always. Therefore, it is better to approve tagged posts first. 
Once you approve them, only then they will be added to your profile. 


e To enable this setting, continue to Instagram Settings and tap on "Photos of you". From here 
you can disable the setting "Add Automatically". If you would like to hide a photo or video you 
have been tagged in, the following link from Instagram will provide you steps to do so. 


12.9.6 Clear Instagram's Search History 
If you often search for a person or a hashtag, it will appear under the search tab in Instagram. 


e To clear your search history, open Instagram Settings and tap on "Search history". 

e Then on the next screen, tap on "Clear search history". 

e If you have trouble cleaning out your search history, the following link is filled with steps should 
you want to go nuclear and really scrub data out. 


12.9.7 Photo Metadata 
Perceptive threat actors can exploit the start of each photo presents unique Digital Exhaust which when 
left unchecked. Regardless of whether loopholes exist within Instagram to exploit my photo metadata, | 
go to the trouble of removing all my EXIF data from my photos because | never know where my personal 
data will end up, particularly in cloud-based storage environments. 


e It is recommended that you remove any EXIF data so you do not hand it to a third party should a 
data breach occur even if it is stripped from social media platforms or in texting exchanges. 
e In addition, it is recommended that you turn off geotagging by default. 
o NOTE: When you turn off geotagging, it only applies to photos taken after you have 
turned off the location feature. 


12.9.8 Location Data 
| highly recommend NOT showing your location when posting. 


e If you do not understand how Instagram's Location Tags work, the following link is extremely 
informative. 
e If you need a hand locking own your Location data, check out 


https://help.instagram.com/519522125107875 which outlines how your personal device(s) 


collect and track your daily location and ways you can increase your awareness of this issue with 
all Apps or Devices you use. 


12.9.9 Syncing Contacts and Finding People to Follow 
When it comes to synchronizing your contacts from your Mobile Device to Instagram, | would HIGHLY 
DISCOURAGE you from doing so. As Instagram is part of the Facebook ecosystem, | have already covered 
the dangers of synchronizing your contacts. 


e If you need added help understanding how Instagram works with syncing contacts and finding 
people, the following Instagram help center link is extremely informative 
https://help.instagram.com/519522125107875. 
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e Additionally, if you would like information on how to disconnect your Instagram account from 
another social network, the following Instagram help center link is helpful. 


12.9.10 Resources for Parents 
The following link https://about.instagram.com/community/parents will be immensely helpful for 
parents of children who use Instagram. 


e Instagram has a simple interface that is easy for unaccustomed users to understand intuitively, 
no matter their age, there are several Privacy settings that are highly recommended a user 
enable. 


12.10 LINKEDIN 

LinkedIn is the world's largest professional network on the internet. You can use LinkedIn to find the 
right job or internship, connect and strengthen professional relationships, and learn the skills you need 
to succeed in your career. You can access LinkedIn from a desktop, LinkedIn mobile app, mobile web 
experience, or the LinkedIn Lite Android mobile app.*©? 


12.10.1 Understanding Social Engineering on LinkedIn 


12.10.1.1 Detecting Fake LinkedIn Accounts/Personas 
This section will give tips for how to spot fake or “doppelganger” LinkedIn accounts. This is critical 
because connecting with a fake LinkedIn profile can give cyber criminals or Advanced Persistent Threat 
actors access to important and powerful information about you, such as details about your history, 
company, and professional contacts.?”° 


e That information can be used to create detailed and believable phishing campaigns and other 
financial swindles. 

e = Inshort, beware of LinkedIn accounts with fake photos, incomplete profiles, limited 
connections, fake names, poor spelling, and grammar, and/or suspicious work history. 


12.10.1.2 Fake Photos 
Model-quality photos often go with many Fake LinkedIn profiles. 


e If you are suspicious about a photo, there is a straightforward way to check its authenticity. 
Simply do a reverse image search using TinEye, Bing's Visual Search or Google’s Reverse Image 
Search. 

e These search engines will show you where, if any place, the same image has been used 
previously online. 
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12.10.1.3 Incomplete Profiles 
One key indicator of fake LinkedIn accounts is the lack of any information about the individual. If there is 
information, it is often in the form of mostly generic statements that lack any specificity in the summary 
and experience sections. 


Conversely, genuine profiles belonging to real people typically include a mixture of personal 
details, such as causes, volunteering, hobbies, education, recommendations, and the use of the 
first person when writing the 'Summary' or 'Experience' sections. 

Many fake profiles used for swindles do not bother to add personal information and keep detail 
to a minimum. 

Most people also personalize their custom LinkedIn URL while false accounts will not as they are 
created quickly and without tremendous attention to detail. 

This may not be the case for more sophisticated Cyber criminals or Advanced Persistent Threat 
actors. 


12.10.1.4Limited Connections 
Genuine profiles typically have a mixture of people and profiles among its connections. 


Fake profiles may have connections with all the same or all opposite gender people with fake- 
looking profile pictures. 

Fake profiles can range from a few to several hundred connections, as well as a handful of skill 
endorsements. 

They also usually belong to several groups and follow a couple of companies and influencers. 
Check out mutual connections from a connection request, or better yet, message your 
connections directly to see if you can confirm an individual’s identity prior to connecting to their 
profile. 


12.10.1.5 Fake Names or Doppelgangers 
Threat actors may create fake names or doppelganger accounts to help their threat activities. 


Accounts created in this may use generic names or that of a famous person, like an actor, 
actress or television personality. 
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e Some scammers will use the name of a more obscure actor or actress that would not be as 
known to most of those on Linkedin. 

e Threat actors may also create accounts that impersonate a legitimate person’s account. These 
accounts are doppelgangers, and their users try to assume a legitimate connection’s identity as 
best as they can. 

e These doppelganger accounts are often 3rd degree connections. To protect against this, run the 
account name in LinkedIn’s search function to see if they have more than one account. 

e If so, you may have showed their doppelganger or found the true account and uncovered that 
whomever you are interacting with is the doppelganger. 

e = If you can, block the illegitimate account(s). This prevents the threat actor from viewing your 
profile, trying to follow your account on LinkedIn, and from delivering any type of malware to 
you through LinkedIn InMail. 


More about doppelganger accounts are available in the article "A Sneak Into The Devil's Colony-Fake 
Profiles in Online Social Networks” at URL https://arxiv.org/ftp/arxiv/papers/1705/1705.09929. pdf 
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12.10.1.6 Poor Spelling and Grammar 
Many fake profiles include obvious errors like misspellings and poor grammar. Often, the first name is 
displayed in all capital or lowercase letters, which would not be common to see in a genuine profile. 


12.10.1.7 Suspicious Work History 
One of the most effective ways to detect a suspicious work history is to check a connection's work 
experience by looking for their current employer elsewhere online and see if the person with the 
suspect profile is, in fact, listed as working there. 


12.10.1.8 Suspicious Connection Requests 
Be sure to vet connection requests if they have content with languages unfamiliar to you. Use the 


Google Translate App at URL https://translate.google.com/intl/en/about/ if you want to read what 
the profile says in any unfamiliar language. On a mobile phone, take a screen shot and import it. 
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12.10.2 LinkedIn Privacy Settings 
LinkedIn provides users with several privacy options. 


e Review the following URL to better understand them 


settings?lang=en then head over to begin controlling them. 
e You can control them at the URL https://www.linkedin.com/help/linkedin/answer/66 


12.10.3 Settings & Privacy Page 
The Settings & Privacy Page is organized into four tabs to help you easily view and change your account 
information, privacy preferences, ads settings, and communication notifications to include: 


e Account tab - allows you to manage your account settings, such as adding email addresses, 
changing your password or language, and other account management options. 

e Privacy tab - covers all privacy and security settings related to what can be seen about you, how 
information can be used, and downloading your data. 

e Ads tab - enables you to control the information that LinkedIn uses to show you relevant ads by 
adjusting your account’s ads settings. 

e Communication tab - houses your preferences for how LinkedIn and other parties can contact 
you, and how often you would like to hear from us. 


12.10.4 Linked In Account Settings 


You can also check out the following information to learn more about some key settings you can 
manage through the Settings & Privacy page to include: 


e Changing Your Password 
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e Adding or Changing Email Addresses 

e Adding and Removing Mobile Phone Numbers from Your Account 
e Stopping or Changing Email Notifications 

e Sharing Profile Changes with Your Network 

e "Who's Viewed Your Profile" - Overview and Privacy 

e Turning on Two-step Verification for Improved Security 

e Setting push notification settings 


e Viewing your groups 


12.10.4.1 Profile Photos on LinkedIn 
You can suppress your profile photo from being displayed to everyone and only to people you confirm. 


Choose whether to show or hide profile photos 
of other members 


Select whose photos you would like to see. 


No one 


VY Yourconnections 


Your network 


All LinkedIn members 


12.10.4.2 How Your Name Appears on Your Profile 
LinkedIn allows you to control how people see your last name on the platform. Hide your last name 
from people not connected to your account. 


12.10.4.3 Reviewing Where Your Name Appears on Your Profile 
Modify your account’s custom URL on your LinkedIn profile to omit your full name. 


e In addition, it is recommended you do not openly post your resume online. 


e It is also advised that you review any recommendations you receive and ensure your last name 
is controlled on them and any other personally identifiable information is not visible in them. 
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12.10.4.4 Follow Accounts Instead of 


According to LinkedIn, "Connections are 
members who connected on LinkedIn 
because they know and trust each other. If 
you are connected to someone, you will 
both be able to see each other's shares and 
updates on your Linkedin homepages. You 
can also send messages to your 
connections on LinkedIn. Following 


the person's posts and articles on your 


Connecting to Them 


someone on LinkedIn allows you to see Connect | 


homepage without being connected to 
them. However, the person you’re 


following won't see your posts." 


More is available at the URL 
https://www.linkedin.com/help/linkedin/answer/32504/similarities-and-differences-between- 
following-and-connecting?lang=en 

The Following feature is a valuable tool provided by LinkedIn. It enables sensitive and high 
profile users to overtly control to whom their accounts connect. Users can always view a list of 
your followers on your profile page at URL 
https://www.linkedin.com/help/linkedin/answer/2717 and manage who can follow their 
updates at URL https://www.linkedin.com/help/linkedin/answer/53652 

Do this to ensure no suspicious or nefarious individuals are remotely viewing your LinkedIn 
profile. 


12.10.4.5 Searching for People on LinkedIn 
Assuming you controlled your account’s last name and photo, it is more difficult for threat actors to 
spoof your LinkedIn account with a doppelganger account.?”4 


Regardless, search your name in LinkedIn to look for any 3rd-degree connections who may be 
trying pass themselves off as the real you. 

The article at URL https://www.linkedin.com/help/linkedin/topics/6001/6008/3544 offers a 
great overview for how to search. 

You can also perform Boolean searches on LinkedIn. Instructions for how to do this are available 


linkedin? lang=en 
Also, if you want a better understanding about how your network and degrees of connection 
work on LinkedIn, read the article at URL 


connection?lang=en 
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12.11 SNAPCHAT 


Snapchat markets itself as a social media platform on which sent images and messages are only 
available for a limited amount of time.’”” The time limit is set by each individual user.*”2 


e Arecipient, however, can still take a screenshot of sent photos or chats or use another device to 
take photos of any sent material (users are notified when their message has been 
screenshotted). 

e Further, there are many other ways in which people can collect information about a Snapchat 
user particularly if that user does nothing to change their privacy settings.” 


12.11.1 Start Screen 
Opening the mobile Snapchat app immediately opens that device’s camera. To navigate to other pages 
of the application either select another choice at the bottom of the screen or the yellow silhouette in 
the top left-hand corner to navigate to your profile page. The profile page looks like this: 


e First, make sure that simply because someone has your phone number or email, they cannot 
search for you using that information on Snapchat. Instead, they would need your exact 
username. Selecting the gear icon in the top right corner of your profile page will navigate you 
to the settings page. 

e Select Mobile Number then uncheck ‘Let others find me by using my mobile number’. Repeat 
the process for email. Now if a blocked caller tries to find you via Snapchat, it will be much more 
difficult: 


12.11.2 Profile and Settings 
This area allows users to access a variety of features to include using the two-factor authentication 
feature, turning off your location, managing target ads, controlling who contacts you, managing 
Snapchat’s use of your contacts, and finally controlling who you share with.?”° 


e To navigate to settings, go to the gear icon in the top right-hand corner of your profile page. 


12.11.3 Enabling Two-Factor Authentication 
This feature means that when logging into Snapchat, users must enter an added code (sent via SMS) 
after the password. 


e Someone would need to have both your password and your phone to access your account. 


12.11.4 Location Sharing 
To turn off your location, control who contacts you, and control who you share information with, 
navigate to Settings and scroll to the “WHO CAN” section. 


12.11.5 Ghost Mode 
Select ‘See My Location’ to turn on Ghost Mode (no one can see your location) or you can customize the 
location settings to allow certain users to see your location. 
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12.11.6 Contact Accessibility 
Select ‘Contact Me’ to make sure only your friends can contact you. 


12.11.7 Information Visibility 
Select ‘View My Story’, ‘See My Location’, and ‘See me in Quick Add’ to control who can see your 
information. 


12.11.8 Opting Out Of Targeted Ads 
Go to Settings under the “ADDITIONAL SERVICES” section and select ‘Manage’. 


12.11.9 Use of Contacts 
When you first use the app, Snapchat asks if you would like to synchronize your contacts.’”° 


e At this point, you can grant permission for the Snapchat app to access your contacts and make 
updates whenever you add a contact to your phone. 

e If you originally allow Snapchat this access, you can change it later by unchecking “Sync 
Contacts” in your settings. Go to ‘Manage’ under the “ADDITIONAL SERVICES” section and then 
select ‘Permissions’. 

e Following the above recommendations can reduce a user’s Digital Exhaust; however, following 
all these steps also reduces the usability of the app. 

e Further, by not allowing Snapchat to synchronize with your contacts, you will have to manually 
search for someone in Snapchat to see if they have an account. 


12.12 TiKTOK 


TikTok (formally branded as musical.ly) is a freeware, cross-platform, short-form mobile video media 
application. TikTok uses a device’s data plan or Wi-Fi to broadcast trending video media created by 
users. 177 


e The application is free to users and is supported by advertisements. 

e TikTok users draw from a cadre of free tools to create content for sharing, as well as Livestream 
content that may use real-time filters. 

e This application is used for mobile devices but also has workarounds for use in desktop 
computers. 


12.12.1 TikTok Screen Management 
TikTok supplies a Screen Time Management setting for a daily usage maximum (i.e., 40, 60, 90, or 120 
minutes per day) that allows users the ability to pre-decide the daily time spent in the application. 


e When the selected time is met, a password is needed to continue to use TikTok —presuming that 
a parent or guardian selects the required password or that the user will self-monitor the time 
limit. 
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e If you wish to limit time on the app, go to the Digital Wellbeing section of the Settings & Privacy 
page and use the "Screen Time Management" option to select your time limit. 
e You can also set a pin code which will be used for both Screen Time Management and Restricted 


modes. 


12.12.2 Making your account Private 


e Launch the TikTok app 

e Open the “Me” tab in the bottom right 

e Next, tap the three vertical dots in the upper right 

e Tap “Privacy and Safety” 

e Tap “Private Account”; if your profile is in Pro Account, you need to switch to a personal 
account to make your profile private. 

e Turn off “Suggest your account to others” 


12.12.3 Turning off “Suggest your account to other” 
By default, TikTok will share your content by featuring it on the “For you” pages of people you do not 


know. 


e If you want to prevent strangers from seeing your videos, you can turn off the “Suggest Your 
Account” choice. 

e Turning this setting off will stop your account being recommended to other users and prevent 
other people from finding the account via search engines. 


12.12.4 Making Videos Private 
TikTok allows you configure previously posted or latest videos with specific privacy settings. Videos 
previously posted can be configured as follows: 


e Open a video 

e Tap the three-dot icon at the bottom right 
e Select Privacy settings 

e Tap “Who can view this video” 

e Select Friends or Private 


Newer videos can be configured as follows: 


e Before uploading, tap “Who can view this video” 
e Select Friends or Private 


12.12.5 Managing Duet Control 
You can control who can duet on your videos, which can be configured as follows: 


e Goto the “Privacy and safety” settings choice under the app settings 
e Tap ‘who can duet with your videos’ 
e Choose ‘Friends or No one’ to limit those who can duet with you or your child 
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e You can do this for several different options such as who can send you direct messages and 
download your videos 


12.12.6 Blocking Interactions 


TikTok users can interact with your account and content in multiple ways: they can view or download it, 
direct message you, and duet with your videos. 


e The default setting for these interactions is “On,” but you have the choice to change it to 
Friends or Off. 


e To limit how other users can interact with your videos go to the Safety section of the Privacy 
page. 

e Blocking interactions stops comments, duets, and reactions, and prevents people from seeing 
your messages or the videos you have liked. 


12.12.7 Reporting a User 
To block and/or report a user on TikTok you can do so through the following steps: 


e Goto the user’s profile and tap the three dots at the top of the screen 

e From the options select ‘Block’ or ‘Report’ 

e If you block the user, it will ask you to confirm this 

e If you wish to simply report the user, you need to select why you are reporting them 


12.12.8 Enable 2-Factor Authentication 
It is always worth enabling 2-factor authentication to add a layer of extra security on you and your 
child’s account. The verification code can be sent to either your mobile phone or email address. 


e Select "Security" in the settings and privacy menu 
e Tap on'"2-step verification" 
e Select your chosen verification method "Phone" or "Email" 


12.12.9 Hacking Attempts and Security Alerts 
TikTok has a built-in feature to aid in detecting hacking attempts and suspicious activity on your account. 


e By accessing your security alerts, shown below, you can see what devices have accessed your 
accounts or are trying to access your account without you, you can see what devices have 
accessed your accounts or are trying to access your account without your permission. 
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12.12.10 How to Download TikTok Data 
Just like other social media platforms, TikTok also allows you to download your data. 


e The option is available under “Personalization and data” under “Privacy and safety” .’”° 


e Tap on “Download TikTok Data”, and under the 'Request a Data File’ tab, tap on the Request 
Data button to start the process. 

e You will receive a confirmation email, followed by the actual file, which is usually sent within 
four days. 

e The file will also be available under the “Download Data” tab. This file can be large, depending 
on how many videos have you uploaded, but that is not the only thing it will have. 

e Your contact details and user activity, which includes comments and likes, are also included. 
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12.12.11 Digital Wellbeing Section: Child Safety - Family Safety Modes — Screen Time 


12.12.11.1 Child Safety Settings 
Restricted Mode stops most inappropriate content from appearing for children. 


e It is also possible to set a passcode to prevent your child from changing this setting later. This 
setting is also found in the “Digital Wellbeing” section. 


12.12.11.2 Family Safety Mode 
This setting allows you to assign an account as ‘Parent’ and ‘Teen’. This gives you remote access over an 
adolescent’s TikTok account. 


e Once connected to the account, you can control Screen Time Management, set how long your 
child can spend on TikTok each day. 


12.12.11.2.1 Direct Messages 
This feature allows you to control who can message your child or turn off direct messages completely. 


12.12.11.2.2 Restricted Mode 
This feature allows users to restrict types of content that you think are inappropriate for your child. 


e It is possible to manage all this from a remote device, so you can make sure your child is always 
protected. 
e This setting is also found in the “Digital Wellbeing” section. 
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12.12.11.3 Manage Screen Time: 
If you wish to limit time on the app, go to the “Digital Wellbeing” section of the “Settings & Privacy” 
page and use the Screen Time Management option to select your time limit. 
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Dark mode 


Cs Content preferences 


& Digital Wellbeing " 


< Digital Wellbeing 


Screen Time Management > 


Restricted Mode 


12.13 TWITTER 


Twitter is an online news and social networking site where people communicate in short messages 
called tweets.?”? Twitter allows users to communicate and stay connected through the exchange of 
quick, frequent messages.?®° 


People post Tweets, which may hold photos, videos, links, and text.**? These messages are posted to 
your profile, sent to your followers, and are searchable on Twitter search.1* 


Twitter has extensive information on how to protect your account at https://help.twitter.com/ **° 


e You can also find additional information on how to check safety and security settings as well as 


How to protect your personal information. 1** 


12.13.1 Sharing Your Personal Information 
When someone else Tweets your personal information such as in a doxing attack, you have the right to 
report the individual to Twitter.1* 


e However, if it is discovered that your personal information is publicly available, Twitter may not 
request that your information be removed.*®6 


e Twitter also provides a link to assess ways to protect your personal information. 


92 | Page 


12.13.2 Your Profile 

e Inthe Twitter menu, click Profile. 

e Below your header photo, click Edit profile. 

e = This section will allow you to edit your Bio, Location, and Website. It should be noted that this 
information will be displayed publicly unless you adjust the privacy settings. 

e Next to Birth date, you have the option to click Edit. Doing so will allow you to click Remove 
birth date to completely remove it from your profile. 

e If you choose to display your birthday, you also have the choice to set the visibility for Month 
and day to something other than Public but leave the year as Only you. 


12.13.3 Public Tweets versus Protected Tweets 
When you sign up for Twitter, your Tweets are public by default, meaning anyone can view and interact 


with your Tweets.?®” 


e Should you choose to protect your Tweets, you can do so through your account settings. 

e Twitter provides extensive detail on how to configure settings for protecting your Tweets. If you 
protect your Tweets, you will receive a request when new people want to follow you, which you 
can approve or deny. 

e Accounts that began following you before you protected your Tweets will still be able to view 
and interact with your protected Tweets unless you block them. 

e Protected Tweets will not appear in third-party search engines and are only searchable on 
Twitter by you and your followers. 


12.13.4 Photo Tagging 
Even if your Tweets are protected, you can be tagged or mentioned in a photo. 


e Likewise, your followers may re-share links to photos that you share in a protected Tweet. 

e Links to photos shared on Twitter are not protected. 

e Anyone with the link will be able to view the content. 

e You can change who can tag you in a photo by visiting your Privacy and safety settings via 
twitter.com and Twitter for iOS or Twitter for Android apps. 


12.13.5 Discoverability 
Anyone with your email address or phone number can search for you on Twitter using this 


information.*®8 


e = In addition, anyone with this information in their contacts are provided your account (as a 
suggestion to follow) once they join Twitter. 

e To turn this choice off, go to your privacy settings. Under Discoverability, uncheck “Let others 
find you by your email” and/or “Let others find you by your phone”. 


12.13.6 Sharing Your Location in Tweets 
Tweet location is off by default. You would need to opt in for this service. 
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e Once activated, Twitter will supply suggestions for locations of your next Tweet, but you can still 
choose not to share your location for individual Tweets. 

e If you choose to enable precise location through Twitter's official apps, this will allow Twitter to 
collect, store, and use your precise location, such as GPS information. 


12.13.7 Third-party Businesses and Personalized Ads 
Even if you have turned off personalized ads and sharing data with third party businesses in your 
settings, Twitter shares information with business partners to help improve its business and ads will be 
shown based on your Twitter activity, information you have provided, as well as the devices you have 
used to log in.?®° 


e Turning off these options simply reduces the relevance of the marketing activities on other sites, 
apps, and advertisements to you. 


12.13.8 Blocking an Account 
Blocked accounts cannot follow you, send direct messages to you, or tag you in a photo. 


e They can view your public Tweets if not logged into Twitter. 

e Blocked accounts do not receive a notification alerting them that their account has been 
blocked. 

e However, if a blocked account visits the profile of an account, that has blocked them; they will 
see they have been blocked, unlike mute, which is invisible to muted accounts. 


12.13.9 Two-Factor Authentication 


Twitter offers two-factor authentication but instead of only entering a password to log in, you will also 
enter a code or use a security key.?° 


e This added step helps make sure that you, and only you, can access your Twitter account. 

e During enrollment, Twitter will also verify that you have a confirmed email address associated 
with your account. 

e After you enable this feature, Twitter will require your password, along with a secondary login 
method — either a code, a login confirmation via an app, or a physical security key to log in to 
your account.?"2 


12.13.10 Account Access 


e This feature allows you to review the apps and devices connected to your Twitter account. 

e If there is any that do not truly need access to your Twitter account, click them, then click 
Revoke access. 

e You can also access the Sessions section to review if there are any devices that do not truly need 
access to your Twitter account, click them, and then click Log out the device shown. 
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12.14 YOUTUBE 

YouTube is a video sharing service where users can watch, like, share, and comment and upload their 
own videos. The video service can be accessed on PCs, laptops, tablets and via mobile phones. Users of 
YouTube can search for and watch videos, create a personal YouTube channel, upload videos to their 
channel as well as like, comment or share other YouTube videos.*°* 


12.14.1 YouTube Subscription Privacy Settings 
e Youcan choose to make which channels you are subscribed to private or public.**? By default, all 
settings are set to private.‘™* 


12.14.2 Public Listings 
When your subscriptions are set to public, other users can see what channels you subscribe to. 


e Your subscriptions are listed on your channel homepage. Your account is listed in the 
Subscribers List for any channel you subscribe to. 


12.14.3 Private Listings 
When your subscriptions are set to private, no other users can see what channels you subscribe to. Your 
account does not show ina channel's Subscribers List, even if you are subscribed.1”° 


e If you take part in a subscriber-only live chat, other viewers will publicly see you are subscribed 
to the channel. 


12.14.4 Privacy Channel Subscriptions 


e Sign into YouTube. 
e Inthe top right, click your profile picture. 
e Click Settings. 


e Inthe left Menu, select Privacy. 
e Turn on or off Keep all my subscriptions private. 


12.14.5 Hide Subscriber Count 
By hiding your subscriber count, it will not be publicly visible to others on YouTube. You can still see your 
subscriber count from YouTube Studio. 


e Sign into your Google Account. 

e Goto YouTube Studio. 

e Click Settings 7 Channel ? Advanced settings. 

e Under "Subscriber count," uncheck "Display the number of people subscribed to my channel." 
e Click Save. 


12.14.6 Location-based Recommendations 


When you start using YouTube Music, location-based recommendations are turned off. Location helps 
YouTube Music offer you personalized music recommendations based on where you are. You can 


95 | Page 


change your location-based settings to turn them on or off. Location history is automatically turned off 
for made for kid’s content.1%° 


Visit music.youtube.com. 
Select your profile picture. 
Select Settings. 

Select Privacy. 


Make sure location-based recommendations are paused. This setting will prevent you from 
getting location-based recommendations. 


12.14.7 Disable YouTube Ads 
YouTube uses your data to improve your experience, like reminding you what you have watched, and 
giving you more relevant recommendations and search results. 


Your activity and information can also be used to personalize ads within YouTube and other 
Google Services. You can manage activity data in Your Data in YouTube. 

The ads that play on YouTube videos you watch are tailored to your interests. They are based on 
your Google Ad Settings, the videos you have watched, and whether you are signed in or not. 
You can control the ads that you see based on your Google Account Ad Settings. You can also 
view, delete, or pause your YouTube watch history. 


12.14.8 Supervised Accounts for Kids on YouTube 
Before you can begin setting up the supervised account for YouTube, you will need to have created your 
child's Google account through Family Link.'%” 


Supervised YouTube accounts are available for kids under 13; but that age may differ 
depending on what country, you live in. 


Once this is done, you can begin setting up the supervised account for your child to explore YouTube. To 
do so, the following steps will walk you through that process. 


Open the YouTube app on your phone. 

Tap on your **profile picture*** in the upper right corner of the screen. 

Choose Settings at the bottom of the screen. 

Select Parent Settings towards the top of the page. 

If you have multiple child accounts created in Family Link, choose the account you want to set 
up for a supervised YouTube Account. 

Tap on Set up YouTube. 

Choose SELECT after reviewing the information about the type of content that may be available 
to your child. 

Pick the **content settings* for your child's age. 

Scroll through the Parent feature tour, and then tap NEXT. 

Read the information YouTube's privacy policies and choose FINISH SETUP. 
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12.14.9 YouTube Kids Parental or Guardian Permission 
You must be at least 13 years old to access YouTube Kids (where available) if enabled by a parent or 


legal guardian.1 


e If you are under 18, you represent that you have your parent or guardian’s permission to use 


the Service. 

e = It is recommended that your child read this agreement with you. 

e You can find tools and resources to help you manage your family’s experience on YouTube 
(including how to enable a child under the age of 13 to use the Service and YouTube Kids) in 


the Help Center and through Google’s Family Link. 


13 GOOGLE TRACKING AND LOCATION DATA 


Google is an internet search engine. It uses a proprietary algorithm that is designed to retrieve and order 
search results to supply the most relevant and dependable sources of data possible.1% 


Settings are available to control Google’s vast ability to collect data about you in its Activity Controls for 
your Google account.?™ 201 202, 203 The easiest way to begin accessing the extensive controls that Google 


offers users is through the Google Safety Center found at URL https://safety.google/privacy/privacy- 
controls/ 
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13.1 ACCOUNT PRIVACY CONTROLS 


Browser Privacy Control URL 

Google Safety Center https://safety.google/privacy/privacy-controls 
Google Account Privacy Checkup https://myaccount.google.com/privacychecku 
Google Account Activity Controls https://myaccount.google.com/activitycontrols 
Google Dashboard https://myaccount.google.com/dashboard 


(Manage All Of Your Google Data) 


Control Web and App Activity 


https://support.google.com/websearch/answer/54068?p=w 


eb app activity&authuser=0&hl=en&visit_id=63705628760 
0533942-3442343815&rd=1 


Manage Your Location History 


https://support.google.com/websearch/answer/3118687 evi 
sit_id=637056287600533942- 


3442343815&p=location_history&hl=en&rd=1 


Auto-Delete Web and App Activity 


https: 


myactivity.google.com/myactivity?restrict=waa 


Manage YouTube Privacy Settings 


https://support.google.com/youtube/topic/9257518?hl=en 


Your Google Data In Search https://myactivity.google.com/privacyadvisor/search 

Your Google Data In Maps https://myaccount.google.com/yourdata/maps 

Your Google Data In The Assistant https://myaccount.google.com/yourdata/assistant 
Download Your Google Account Data _hitps://takeout.google.com/settings/takeout?pli=1 

Google Ad Settings https://adsettings.google.com/authenticated?utm_source=u 


dc&utm_ medium=r 


Google Maps Timeline 


https://support.google.com/maps/answer/6258979 


Search Activity 


https://support.google.com/websearch/answer/54068 ?co= 
GENIE.Platform%3DDesktop&hl=en 


Shared Usage and Diagnostic Data 


https://support.google.com/accounts/answer/6078260 


Google Security Tips https://safety.google/security/security-tips 
Google Security Tips-Parental https://safety.google/families/parental-supervision 
Supervision 

Google Security-Tips For Families https://safety.google/families/families-tips 
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13.2 ASSISTANT DATA PRIVACY CONTROLS 
In 2019, Google outlined substantial changes to how Google Assistant handles voice recordings.2™ These 
changes originated to meet users’ expectations of data transparency.”” 


e If you use Google Assistant, the table below has the URL you can use to browse or delete your 
Google Assistant data to include your Web and App activity, Voice and Audio recordings, App 
and Contact information from your devices and Ad personalization. 


Browser Privacy Control URL 
Google Assistant https://myaccount.google.com/yourdata/assistant?e=PrivacyAdvisorAssis 


tant&pli=1 


13.3 CALENDAR PRIVACY CONTROLS 

Gmail users are vulnerable to malicious or unsolicited Google Calendar notifications. Google Calendar 
allows anyone to schedule a meeting with you, and Gmail is built to integrate with this calendaring 
functionality.2° 


e When a calendar invitation is sent to a user, a pop-up notification appears on their smartphone. 
e Threat actors can create messages to include a malicious link, which can be used in phishing 
schemes or social engineering attacks.?° 


Browser Privacy Control URL 
Google Calendar 1. https://support.google.com/calendar/answer/37083?hl=en 


2. https://support.google.com/calendar/answer/3 7082 ?hl=en&ref 
topic=3417970 

Google Events 1. https://support.google.com/calendar/answer/6084018 ?co=GENI 

E.Platform%3DDesktop&hl=en 
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13.4 Privacy IN PERSONAL CONTENT 


Personal content 
Your timeline 


Google Photos 


Show your Google Photos in timeline 


Timeline emails 


Get highlights of your timeline in your inbox 
App history 


Web & App Activity is off 


Enable edits and improve the quality of your timeline 


Location settings 


Location Services is not set to always 


Show the location of this device in your timeline 


Location History is off 


Rediscover the places you've been and the routes 
you've traveled 


Delete Location History range 


Permanently delete a range of your Location History 
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Photo Library 


Check for photos 


This allows Google to periodically check for 
photos you can add to places. Photos will never 
be added without permission. 


Profile settings 


Show contributions on your profile 


List all your reviews, photos, any public posts on 
your public profile 


Share profile with businesses 


Make your public profile visible to businesses 
you follow 


Group similar faces 
Manage preferences for face grouping 


Face grouping 
See photos of your favorite people grouped by similar faces. Learn more 


Sharing 
Manage preferences for sharing 


Sharing suggestion notifications 
Receive notifications when you have new photos to share with friends 


Remove video from motion photos 
Share only the still photos when sharing by link & in albums 


Remove geo location in items shared by link 
Affects items shared by link but not by other means 
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About, terms & privacy 


Google Maps © 2019 Google Inc. 


Version 


Terms of Service 


Privacy Policy 


Legal Notices 


Open source licenses 


Location data collection 


Clear application data 


Reset Google Usage ID 
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14 AMAZON 


Amazon is a cloud computing giant and the largest American e-commerce company.”” Amazon collects 
your personal information with what you provide them’ and will use your personal information to 
communicate with you about your purchases of products and services, improve and personalize your 
Amazon experience, and follow legal obligations, among others.7?° 


e Inaddition, Amazon uses your personal information to display interest-based ads*"! for features, 
products, and services that might interest you and cookies and other identifiers to enable 
recognition of your browser or device.?"* 


14.1 PRIVACY SETTINGS 
Visit this link to learn about default Amazon settings to improve your privacy. Follow steps below to act 
at once. https://the-digital-reader.com/2019/04/11/six-default-amazon-security-settings-you-can- 


change-for-more-privacy/23 


14.1.1.1 Removing Your Public Profile 


Edit your name 


This is how you'll appear to other customers. 


Public name 
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14.1.1.2 Private Shopping and Wish Lists 


Home 

Your Orders 
Buy Again 
Your Account 


Shop by Department 


amazon 
SS 


List & Registry 


Shopping List 


Wish List 
Private) 
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14.1.1.3 Browsing History and Tracking Cookies 
Personalized content 


Profile 


Your uploaded product videos 


Your Garage 
Your Fanshop 
Your Pets 


Browsing history 


Review your purchases 


Then, 


Manage History on This Device 


[__reroventitas tom view 


Turn history on/off Off 


Turning off your recently viewed items will remove them 
from view. 
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14.1.1.4 Opting Out of Amazon Advertising Preferences 
Skip this section if you would like Amazon's ability to track your activities and to market items to you. 


App Preferences 


Advertising Preferences > 


Manage Voice Recordings > 


Manage Amazon App Camera Images 


Then, 


< = amazon 


Amazon Advertising Preferences 


What are personalized ads? Personalized ads, sometimes 
referred to as targeted or interest-based ads, are based 
on information about you, such as the products you view 
on Amazon.com, your purchases on Amazon.com, visits 
to websites where we provide ads or content, or use of 
our payment services on other websites. You can set 
your preference for ads personalized by Amazon here, or 
visit our Interest-Based-Ads page to learn more. 


Thank you. Your preferences have been saved. 
| 


Submit Your Preference 


C) Personalize Ads from Amazon 


© Do Not Personalize Ads from Amazon for 
this Internet Browser 
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14.1.1.5 Disabling Amazon Saved Wi-Fi Passwords Feature 
Ever wonder why you did not have to put your Wi-Fi password into your Fire TV or Alexa Echo? It is 
because this setting is enabled.?"* 


Saved Wi-Fi Passwords 


Your saved Wi-Fi passwords allow you to configure compatible 
devices so that you won't need to re-enter your Wi-Fi password 
on each device. Once saved to Amazon, your Wi-Fi passwords 
are sent over a secured connection and are stored in an 
encrypted file on an Amazon server. Amazon will only use your 
Wi-Fi passwords to connect your compatible devices and will 
not share them with any third party without your permission. 
Learn more 


Your Saved Wi-Fi Passwords 


All Devices 


Wi-Fi simple setup 


Enable this setting to allow eligible devices to automatically 
use your saved Wi-Fi passwords during setup. 


Wi-Fi simple setup is disabled | Enable 
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14.1.1.6 Disabling Voice Recordings through the Amazon App 


Manage Voice Recordings 

When you use voice search with the Amazon App, we 
keep the voice recording associated with your account to 
learn how you speak to improve the accuracy of results 
provided to you and to improve our services. 


You can choose to delete voice recordings you've made 
in the Amazon App that are associated with your 
account. This will delete these associated voice 
recordings you've made in the Amazon App on all 
mobile devices and may degrade your experience using 
voice features. 


Y Your request was received 


14.1.1.7 Disabling Camera Images through the Amazon App 
App Preferences 


Advertising Preferences 


Manage Voice Recordings > 


Manage Amazon App Camera Images > 


Then, 


108 | Page 


< = amazon 


Manage Amazon App Camera 


Images 


When you use the camera to search in the Amazon App, 
we process the images related to your use of the camera 
in the Amazon App to provide and improve our services. 
You can choose to delete the images associated with 
your account by tapping on the delete button below. 


VY We have successfully received your request. 


14.2 AMAZON SECURITY SETTINGS 


14.2.1 Security Alerts 
If you get a Security Alert about activity you do not recognize, click or tap the Not Me option in the 
notification so we can help you reset your Amazon password immediately to secure your account. 


If you are not able to sign into Amazon because you do not have access to the email or mobile 
phone on your account anymore, contact Customer Service for help restoring access.”*° 


14.2.2 Browser Extensions and Privacy 
Some browser extensions track your private shopping behavior and collect data like order history and 
items saved in your Amazon cart. 


To protect your privacy and security, please refer to the links listed below and follow the 
instructions supported the specific browser of your choice to remove a harmful extension."° 


Chrome 


Firefox 


14.2.3 Two-Step Verification 
It is highly recommended you enable this feature in Amazon. 
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e When you try to log in, Two-Step Verification sends you a unique security code. 
e Per Amazon, when you sign up for Two-Step Verification, Amazon will send you a unique code 


by text message, voice call, or authenticator app. 
e = The following link takes the mystery out of enrolling in this feature. 


14.2.4 One-Time Passwords for All Devices 
After enrolling in Two-Step Verification, | would also recommend not suppressing any future One-Time 
Password (OTP) challenges as this moves you from the realm of Two-Factor Authentication to a Multi- 
Factor Authentication posture within Amazon. 


e This feature allows you to enable a requirement for OTP on all devices. | would highly 
recommend enabling this feature. 


14.2.5 Secure Delivery with One-Time Password (OTP) 
If you want to take your Operational Security to the next level might, | would recommend enabling 


Amazon’s One-time password (OTP) verification feature. 


e By enabling OTP verification, Amazon will send you a six-digit numeric PIN code that is valid until 
the end of the day adding yet another layer of security to your packages. 

e Should you be delayed and miss the designated rendezvous point and time of package delivery, 
Amazon has you covered in case as they will re-attempt delivery the next day or if you have a 
trusted contact, you may share the OTP with whoever you choose to receive the package on 
your behalf. 

e Remember to never share the OTP with the delivery agent over phone as OTP is intended for 
you to ensure secured delivery of the package. 


14.2.6 1-Click Settings 
1-Click lets you associate a credit, debit, or Amazon Store Card with addresses you ship to often so you 


can place orders with a single click of a button. 


e When you disable 1-Click, it only disables 1-Click for orders that can be shipped. 1-Click 


ordering does not affect digital purchases. 

e Since your browser must be cookie-enabled to use 1-Click shopping, if your browser is not 
cookie-enabled, you can still buy items by adding them to your Shopping Cart and 
clicking "Proceed to checkout". 

e It is recommended using the "Disable 1-Click everywhere" setting, which you can also enable 
for your Mobile orders at the following link to ensure you do not fall victim to a scam. 


14.3 AMAZON ALEXA ECHO SETTINGS 
14.3.1 Delete Voice Recordings 


You can play back all of the recordings in the history menu on Alexa.amazon.com, and if you like you 
can delete the recordings one-by-one.72” 
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e However, if you want to remove all the recordings, the best way to do this is to visit 
the "Manage your content and devices" page on Amazon.com. 
e Any Alexa apps you have registered, as well as the Echo smart speakers, will be listed on this 


page. 
e You can select each one, and remove the recordings associated with the app or device. 
e If you use Alexa on a Fire tablet, you can also remove those recordings from this page. 


— amazon 
—= ~~ 


Manage Your Content and Devices 


Content Devices Preferences Alexa Privacy 


Menu 


Review Voice History 


Voice History shows your voice interactions with Alexa. You 
can filter by date and choose an entry to see details, listen to 


and delete recordings. 


Date Range 


| All History Vv | 


Delete All Recordings for All History 


Audio was not intended for Alexa 


On April 23, 2019 at 10:21 AM on Echo Dot 


“play super friend by grant gustin” 


On April 23, 2019 at 10:18 AM on Echo Dot 


“alexa” 


On April 23, 2019 at 10:18 AM on Echo Dot 
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14.3.2 Disable Voice Purchasing 
Go to Settings -> Alexa Account -> Voice Purchasing and make sure the "Purchase by voice" option is 


turned off to stop voice command purchases. 


If you want to use voice purchasing but want to keep others from using it, you can generate a 
voice code, which will be needed before every purchase. 

Alternatively, follow the instructions at URL Follow the instructions from URL 
https://www.azcentral.com/story/money/business/tech/2019/04/29/heres-how-you-use- 


amazons-echo-google-home-apples-homepod-without-giving-up-your- 


to stop voice command purchases. 


14.3.3 Managing How Your Data Improves Alexa and Opting Out 


Manage How Your Data Improves Alexa 


Use Voice Recordings to Help Develop New Features 


raining Alexa with recordings from @ diverse range of customers helps ensure Alexa works wel 


g is enabled, your voice recordings may bi 


new features may not work well for you 
¥ 2 


Help Develop New Features 


Learn more about Alexa and Privacy 


Use Messages to Improve Transcriptions 


Allow Amazon to use messages you send with Alexa to improve transcnption accurac 
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14.4 AMAZON SIDEWALK 


Amazon Sidewalk is a new feature rolling out to Amazon-branded gadgets in the final weeks of 2020. 


This service is designed to act as a backup network in the event 
Ring and Echo devices lose their internet connection.?*® 


e Amazon Sidewalk allows select Echo and Ring devices 
to piggyback off nearby Amazon gadgets’ 
connections.”?9 

e This can include devices belonging to other people in 
other houses. 

e If auser has Amazon Sidewalk enabled on their Ring 
or Echo, their devices can use your connections in an 
outage as well. 

e If you have not done so already, | would highly 
recommend reading the Amazon Sidewalk Privacy and 
Security Whitepaper. 

e While it is possible that this feature dovetails with 
Amazon's "Saved Wi-Fi Password Feature", it is not 
specifically listed in the white paper and at the time of 
this publication. 

e As of this publication, it is unknown whether opting 


Coming Soon! Amazon 
Sidewalk 


Amazon Sidewalk is a shared network that 
helps devices work better. Sidewalk can help 
your compatible devices automatically connect 
or reconnect to your router.It can also extend 
the coverage for Sidewalk-enabled devices 
such as Ring smart lights and pet and object 
trackers, so they can stay connected and 
continue to work over longer 
distancesSidewalk uses a small portion of your 
Internet bandwidth to provide these services 
to you and your neighbors. 


This setting will apply to all of your supported 
Echo and Ring devices thatare linked to your 
Amazon account. You can update this setting 
at any time. 


Amazon Sidewalk 


into the use of Amazon Sidewalk re-enables this feature to use or it is simply restored by opting 


into Amazon Sidewalk. 


15 GAMING CONSOLES 


Gaming consoles like the Nintendo Switch, PlayStation 4, and X-Box One all have social media services. 
Check the below settings and advice for controlling your accounts’ privacy. 


15.1.1Consoles and Online Services 


Service Privacy Settings/Advice 
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Nintendo Switch 


https://en-americas- 
support.nintendo.com/app/answers/detail/a_id/15987/~/how-to-adjust- 


nintendo-account-profile-settings-%28country%2C-email%2C-etc.%29 


PlayStation 4 (PS4) 
and PlayStation 
Network (PSN) 


https://www.playstation.com/en-gb/get-help/help-library/my- 


account/parental-controls/how-to-use-playstation-4-to-limit-who-can- 


conta ct-you-over-plays/ 


https://www.playstation.com/en-us/account-security/2-step-verification 


https://thenextweb.com/basics/2019/01/31/playstation-4-privacy-settings- 


hiding/ 


X-Box One (XONE) 
and X-Box Live 


https://support.microsoft.com/en-us/help/4482922/xbox-one-online-safety- 


and-privacy-settings-for-parents-and-kids 
https://www.thewindowsclub.com/how-to-setup-xbox-privacy-and-online- 


safety-for-kids 
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16 MONEY SERVICES 


Money services are unique in that their primary purpose is financial, but they also share attributes with 
social media, such as the ability to network and/or search for user profiles. Because the main service is 
financial, platform reviews and recommendations can tend to focus on security of finances, rather than 
privacy of personal information - but when a platform stores photos, “friends,” comment history, home 
addresses, contact information, and more, you should protect your money service account the same 
way you would protect any of your other social media. 


e Amoney service business is a non-bank institution that provides mechanisms for people to pay 
in any way or obtain money or cash in exchange for payment through a financial institution or 
institution.?2° 

e AnMsSB provides a significant financial service to underdeveloped regions, often with limited or 
no banking services such as a small organization with outlets such as markets, pharmacies, and 
retailers.?77 

e Inthe United States and many other countries throughout the globe, regulations around money 
transmission are serious business as transmitting money is a serious business. 


16.1 MONEY SERVICES SECURITY AND PRIVACY CONTROLS 

When it comes to Money Services that are available to use, there are an ever-growing plethora of 
choices that offer unique ways to keep your money moving. The following links below provide you with 
the security and privacy settings a user can configure to reduce their Digital Exhaust. 


PayPal Security https://www.paypal.com/us/webapps/m aypal-safety-and-securit 

PayPal Privacy https://www.paypal.com/myaccount/privac 

Venmo Security and https://venmo.com/account/settings/profile 

Privacy 

CashApp Security https://cash.app/help/us/en-us/1015-account-settings 

CashApp Privacy https://cash.app/legal/us/en-us/privac 

Braintree Security https://www.braintreepayments.com/fa 

Braintree Privacy https://braintree.com/docs/privacy_policy.html 

Google Pay Security https://safety.google/intl/en_us/pa 

Google Pay Privacy https://payments.google.com/legaldocument?family=0. privacynotice&hl=en 
-GB 

Apple Pay Security https://support.apple.com/en-us/HT203027 

Apple Pay Privacy https://support.apple.com/en-us/HT210665 


Amazon Pay Security —_https://paymentservices.amazon.com/docs/EN/51.html 

Amazon Pay Privacy https://paymentservices.amazon.com/privac 

Masterpass Security https://masterpass.com/en-jp/faqs/manage-account-security.html 
Masterpass Privacy https://wallet.masterpass.com/Wallet/masterpass/en-au/privacy.html 
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16.2 ADDITIONAL PAYPAL PRIVACY SETTINGS 

PayPal’s account data and privacy settings allow users to manage the use of PayPal to make payments 
on other apps and websites. Within the data and privacy settings, users can also turn off various cookies 
and control settings such as reminders and advertisements.?22 


16.2.1 Setting Payments to Private 
By default, any time you pay for something through Venmo, that amount, and description are public and 
shown to your other friends on the app. Here is how to make it private. 


e Inthe smartphone app, click on the profile icon, then the settings icon (looks like a gear). Select 
Privacy and set the Default Privacy Settings to Private (not Public or Friends). 


16.2.2 Hide Past Transactions 
You will have made an added privacy tweak to hide your past Venmo payments. 


e Inthe same screen, scroll down to More and click Past Transactions. Tap on “Change All to 
Private” 


16.3 “TIPPING” ON TWITTER 

In May 2021, Twitter integrated a PayPal "Tip Jar” system into Twitter’s website, only to receive 
concerns from users when it was found that Tip Jar revealed the sender’s address during each 
transaction. 223 


e This meant that any Twitter user who "tipped” another user could unknowingly reveal where 
they live. 

e Fortunately, this risk can be mitigated by users selecting “No Address Needed” as an option 
when they send someone a “tip” on Twitter.?”4 


16.4 ADDITIONAL VENMO PRIVACY SETTINGS 


|225 


Venmo, which is owned by PayPal**”, offers privacy settings for your transaction history as well as your 


user account, but it should be noted that most information is set to “public” by default.?° 


e Also of note, any user information sent to Venmo is accessible to PayPal as well.72” 


16.4.1 Venmo Transaction Settings 


e Public: The transaction will be shared on the public feed and anyone on the internet may be 
able to see it. 

e Friends only: The transaction will only be shared with your Venmo friends and with the other 
participant’s Venmo friends. 

e Private: Venmo will not share the transaction anywhere other than the "Your Stories" tab in the 
personal transactions feed and, if it is a payment to another user, the feed of the other person 
in the payment. 


116 | Page 


16.4.2 Sender/Recipient Payment Information 


The payment amount, payment note, names of sender/recipient, and timestamp of the payment are 
available to everyone involved in the payment. 


e ONLY the sender of the payment has access to the payment method used (for example: the 
bank account, debit/credit card number, etc.). The recipient will NEVER see this information. 


16.4.3 Visibility of Payment Information 


When a payment is shared, the payment notes, names of sender/recipient, and timestamp of the 
payment will be visible on the public feed. 


e ONLY the sender and recipient have access to the payment amount. 
e ONLY the sender of the payment has access to the payment method used. 


16.4.4 Sharing Payments 
You can set the privacy setting on a payment or purchase on an individual basis. If you do not want to 
change the privacy setting every time you make a payment, you can change your default privacy setting. 
Your future payments will automatically default to your preference, but you can adjust this before 
completing the payment. See instructions below on how to change your privacy setting. 


e When you transact with someone else on Venmo, including payouts from merchants or 
payments with business profiles, the more restrictive privacy setting between the two of you 
will be honored. If you have your payments set to Private but your friend has their payments set 
to Public, a payment between the two of you will be set to Private. 

e Purchases made using your Venmo MasterCard Debit Card or Venmo Credit Card, and purchases 
from approved merchants when you pay with Venmo are Private by default, but you can change 
the privacy setting on any purchase to share them. 

e All your transactions, regardless of privacy setting, will still be visible in your personal 
transactions feed so that you have a transaction record. 


16.4.5 Privacy Settings Individual Payment or Purchase 


You can set the privacy setting for each individual payment or purchase, right from the payment or buy 
itself. 


e Just select or tap on the privacy setting in any payment or purchase and select your preferred 
setting. 

e Venmo’s privacy webpage explains that transactions where each party has different settings, the 
more restricted setting will always be used*”8—so ensure you are protected by changing your 
default privacy setting to “private”. 


16.4.6 Hiding Past and Future Transactions 
If you have not been setting individual transactions to “private” as you go, you can still hide your entire 


history with a few clicks. 


e First, navigate to your home page, and then select “Settings” from the sidebar. 
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e From Settings, select “Privacy”. 
e Once on your Privacy Settings page, set your Default Privacy Settings to “Private.” To hide your 
entire transaction history, select "Change All to Private” in the “Past Payments” section. 


Settings 


Profile 


Default Privacy Settings 
Payment Methods 


Select your default privacy setting for a 
Privacy 


Public 
Notifications © Visible to everyone on the 


Friends & Social at Friends 
: Visible to sender, recipient, and their friends 
Security 
Developer 
Statement 

Past Payments 


Change the privacy setting for all old payments. You can also go to 


Change All to Friends Change All to Private 


Blocked Users 


Save Settings 


17 PHOTO METADATA 


Photo metadata are set of data describing and supplying information about rights and administration of 
an image. 


e Many devices with cameras, like smartphones, embed the set of data into the pictures they 
capture. 

e Data types include the shutter speed, ISO, aperture data, camera mode, and/or GPS location of 
where the picture was taken. 

e They are stored within the pictures they take in a format called the Exchangeable Image Format 
(EXIF) and left intact, present a potential privacy vulnerability when shared across devices or 
uploaded onto the Internet. In short, to protect your privacy, remove EXIF data from your 
images. 


17.1 10S 


17.1.1 Remove EXIF data 
Prior to Apple’s release of iOS 13 there was no native way to disable EXIF data. 
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e With the release of iOS 14, Apple now supplies users a way to remove EXIF data from photos. 
This URL will inform you on how to do so along with other key features within iOS 15 that will 
better enhance your privacy. 

e However, apps, which can remove EXIF data, are available in the iOS App Store. 

e One such app includes Exif Data and the pro version costs $0.99/year. It enables you to view, 
edit, and remove metadata from your iOS devices like iPhone and iPad. 

e It also allows you to spoof a location of your choosing of where the photo was taken which will 
appear within the photo’s metadata. 


Figure 7. Icon for Exif Metadata Apo 


17.1.2 EXIF iOS photos on Apple Mac 


' ° 


According to the article "Parenting tip: Share your iOS photos without revealing your EXIF location 
data" at URL https: 


without-revealing-your-exif/ :" 


e The easiest way to view EXIF data is on your Mac. Just transfer your photos to your Mac using 
iPhoto, tap on the image and select the "i" for info. 

e All the EXIF data, including a map of the GPS coordinates will appear within the iPhoto window. 

e If you do not see a map, then you may have to hop into iPhoto preferences and turn on this 
mapping feature. Go to iPhoto > Preferences, and then click Advanced. If you choose 
"Automatically", then iPhoto will scan your photos for GPS data and map them for you. 

e While you are in the settings, you should check the status of the "Include location information 
for published photos" option. 

e = If itis selected, then the location data will remain intact when you use iPhoto to upload your 
photos to other services. 

e If it is not selected, then the location data will be stripped from the file by iPhoto during the 
upload process. 
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e Unselecting this option is the preferred choice if you don't want people to know the location of 


eoece Advanced 


3) BS @ |e 


Central Appearance (Cloud Accounts 


Importing: ww Copy items to the iPhoto Library 


Edit Photos: in iPhoto 


RAW Photos: Use RAW when using external editor 
Save edits as 16-bit TIFF files 


Look up Places: Automatically 
Include location information for published items 
Email: Automatically Bcc myself 
Print Products Store: United States 


? 


your photos." 


17.1.3. EXIF Location Data on iOS 
Turn off photo geotagging feature by going to Location Services in the Settings. 
e Tap on Settings > Privacy > Location Services and then scroll down to the Camera app to make 
sure it is toggled off. 
e NOTE: this only applies to photos taken after you have turned off the location feature and does 
not remove any other EXIF data. 


€ Location Services Camera 


ALLOW LOCATION ACCESS 


Never 


While Using the App 


App explanation: “Photos and videos will be tagged with the 
location where they are taken.” 


17.1.4 iOS App Change Camera Settings 
Enable Screen Time for your devices, go to Location Services, and click Don’t Allow changes. 
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e See Section 3.18.1 for more information about Screen Time. 
e You canalso visit Apple’s information about Screen Time at URL https://support.apple.com/en- 


us/HT208982 


€ Back Location Services 


Allow Changes 


Don’t Allow Changes 


Disallowing changes locks the settings shown below and 
prevents new apps from using location services. 
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17.2 ANDROID 


17.2.1 Camera App Location Data 
Open the Camera app on your phone. 


Tap the Settings option on the viewfinder. For Samsung phones, the settings gear is in the top 
left corner. For Google Pixel phones, you will need to tap the downward-facing arrow at the top 
of the screen, and then tap the settings gear in the menu that appears. 

Turn off the Location toggle in the setting menu. On Samsung phones, Location is near the 
bottom, but it is the first setting in Google Camera advanced menu.?”? 


17.2.2 Gallery App Location Data 
Open Gallery app on your phone. 


Tap the picture you want to remove location data from. 
Swipe up on the picture to pull up the picture's information. 
Tap Edit. 

Tap the red minus next to the location data to remove it. 
Tap Save. 


17.3 GOOGLE PHOTOS 

There is an obvious concern any time you upload your pictures to a service on the internet you should 
exercise caution.?°° Even though Google actively works to secure their services, there is always a chance 
of vulnerability and the risk that someone could get access to your pictures and videos. The following 
privacy settings are worth noting should you choose to enable them: 


Only share pictures with people you know. 

Check the “Sharing” settings on each album you create. 

Do not upload pictures to Shared Albums from people you do not know. 

Turn on “Remove Geo-Location in Items Shared by Link”. 

Turn off “Google Location History” in the Google Photos Settings. 
Occasionally check the Sharing settings on your account to keep things private. 


Beyond what was noted above, Google has other specific privacy settings available with Google Photos. 


17.3.1 Location Data in Photos 
Open Google Photos on your phone or visit the Google Photos website on your computer. 


Open the picture you wish to remove location data from. 

In the Google Photos app, swipe up to reveal the photo information. On desktop, click the Info 
icon in the top right option bar (looks like a lower case jin a circle). 

Tap the icon to the right of the listed location. 

In the Google Photos app, tap Remove Location. On desktop, click No location. 

In the Google Photos app, tap Remove. 
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17.3.2. Memories 
Memories are collections of some of your best photos and videos whether from previous years or recent 
weeks. Memories are available on Android devices, iPhones, and iPads. 


You can select the types of Memories you want to see above your photo grid. The Memories carousel 
above the photo grid only appears when at least one memory type is selected.72" 


e Onyour Android phone or tablet, open the Photos app Photos. 

e Atthe top right, tap your account profile photo or initial and then Photo’s settings and then 
Memories. 

e Tap Featured memories. 

e Select the types of memories you want to see. 


17.3.3 Hide someone 


Google allows you to exclude people and even pets from Memories.??2 


e Onyour Android phone or tablet, open the Photos app Photos. 

e Atthe top right, tap your account profile photo or initial and then Photo’s settings and then 
Memories. 

e Tap Hide people & pets. 

e Choose who you want to hide. 

e Toshow someone, tap their face again. 
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18 TRAFFIC LIGHT PROTOCOL (TLP) DEFINITIONS 


Traffic Light Protocol (TLP) Definitions 


Color 


When should it be used? 


How may it be shared? 


ce 


Not for disclosure, restricted 
to participants only. 


Sources may use TLP:RED when information 
cannot be effectively acted upon by additional 
parties, and could lead to impacts on a party's 
privacy, reputation, or operations if misused. 


Recipients may not share TLP:RED information with any parties outside 
of the specific exchange, meeting, or conversation in which it was 
originally disclosed. In the context of a meeting, for example, TLP:RED 
information is limited to those present at the meeting. In most 
circumstances, TLP:RED should be exchanged verbally or in person. 


Coy 


Limited disclosure, restricted 
to participants’ 
organizations. 


Sources may use TLP: AMBER when 
information requires support to be effectively 
acted upon, yet carries risks to privacy, 
reputation, or operations if shared outside of 
the organizations involved. 


Recipients may only share TLP: AMBER information with members of 
their own organization, and with clients or customers who need to know 
the information to protect themselves or prevent further harm. Sources 
are at liberty to specify additional intended limits of the sharing: 
these must be adhered to. 


oo 


Limited disclosure, restricted 
to the community. 


Sources may use TLP:GREEN when 
information is useful for the awareness of all 
participating organizations as well as with 
peers within the broader community or sector. 


Recipients may share TLP:GREEN information with peers and partner 
organizations within their sector or community, but not via publicly 
accessible channels. Information in this category can be circulated widely 
within a particular community. TLP:GREEN information may not be 
released outside of the community. 


Disclosure is not limited. 


Sources may use TLP:WHITE when 
information carries minimal or no foreseeable 
risk of misuse, in accordance with applicable 
tules and procedures for public release. 


Subject to standard copyright rules, TLP: WHITE information may be 
distributed without restriction. 
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